Unverified Commit fb0d9f88 authored by Amaury Martiny's avatar Amaury Martiny Committed by GitHub
Browse files

feat: Add electron security to disallow permission (#541)

* feat: Add electron security to disallow permission

* Fix lint?
parent cc413f86
Pipeline #50604 passed with stages
in 14 minutes and 18 seconds
......@@ -15,6 +15,22 @@ function setupRequestListeners (fetherApp) {
return messages(fetherApp, ...args);
});
// Electron security guideline
// Handle Session Permission Requests From Remote Content
// https://electronjs.org/docs/tutorial/security#4-handle-session-permission-requests-from-remote-content
session.defaultSession.setPermissionRequestHandler(
(_webContents, permission, reqCallback) => {
// Only allow camera
if (permission === 'media') {
reqCallback(true);
return;
}
reqCallback(false);
}
);
// WS calls have Origin `file://` by default, which is not trusted.
// We override Origin header on all WS connections with an authorized one.
session.defaultSession.webRequest.onBeforeSendHeaders(
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment