Security: enforce trusted renderer origins (preload + navigation + IPC)#1904

Merged
gregpriday merged 1 commit into main from feature/issue-1889-security-enforce-trusted
Jan 28, 2026
Conversation

@gregpriday
Collaborator

Summary

Implements defense-in-depth security controls to enforce trusted renderer origins across three critical layers: preload API exposure, navigation guards, and IPC sender validation. This prevents untrusted origins from accessing privileged APIs even if the main window is compromised via XSS or navigation attacks.

Closes #1889

Changes Made

  • Add environment-aware origin allowlist (dev origins only in development mode)
  • Implement preload API gating with main-frame check to prevent subframe privilege escalation
  • Add global IPC sender validation via monkey-patch for comprehensive coverage
  • Block same-window navigations/redirects to untrusted URLs
  • Add comprehensive unit tests for origin validation with edge case coverage
  • Update existing IPC handler tests with mock senderFrame for compatibility
  • Configure test environment for development mode

Security Improvements

  • Preload gating: window.electron API only exposed to main frame of trusted origins
  • Navigation guards: will-navigate and will-redirect events block untrusted destinations
  • IPC validation: all IPC handlers validate sender origin before execution (174 handlers protected)
  • Environment-aware: Dev origins (localhost:5173, 127.0.0.1:5173) only trusted in development

Testing

  • All existing tests pass
  • New unit tests cover edge cases (malformed URLs, protocol normalization, query strings, etc.)
  • TypeScript compilation successful
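The three controls the description lists (environment-aware allowlist, main-frame gating, IPC sender validation and navigation guards) can all rest on one origin-normalizing check. The following is an added illustration, not code from this PR or the project; it assumes the packaged renderer loads from file://, uses the two dev origins named above, and models Electron's WebFrameMain as `{ url, parent }` with `parent === null` for the top frame.

```javascript
// Added example (not the project's code): a shared origin allowlist feeding
// the preload gate, the IPC sender check and the navigation guard. Assumes a
// file:// production renderer and the dev origins from the PR description.

// Dev servers are trusted only when isDev is true, so a release build never
// accepts localhost:5173 even if a page somehow points there.
function trustedOrigins(isDev) {
  const origins = new Set(['file://']);
  if (isDev) {
    origins.add('http://localhost:5173');
    origins.add('http://127.0.0.1:5173');
  }
  return origins;
}

// Reduce a URL to "scheme//host[:port]": the WHATWG parser lowercases scheme
// and host, drops default ports and ignores path, query and fragment.
// Anything unparseable yields null, which every caller treats as untrusted.
function originOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return `${u.protocol}//${u.host}`;
  } catch {
    return null;
  }
}

function isTrustedUrl(rawUrl, isDev) {
  const origin = originOf(rawUrl);
  return origin !== null && trustedOrigins(isDev).has(origin);
}

// Preload / IPC gate: only the main frame of a trusted origin qualifies. A
// subframe is refused even on a trusted URL; a missing (destroyed) frame too.
function isTrustedMainFrame(frame, isDev) {
  return Boolean(frame) && frame.parent === null && isTrustedUrl(frame.url, isDev);
}

// Wrap an ipcMain.handle callback so the sender is checked before it runs.
function withSenderValidation(handler, isDev) {
  return (event, ...args) => {
    if (!isTrustedMainFrame(event.senderFrame, isDev)) {
      throw new Error('IPC call from untrusted sender rejected');
    }
    return handler(event, ...args);
  };
}

// will-navigate / will-redirect listener: cancel moves to untrusted URLs.
function onNavigationAttempt(event, url, isDev) {
  if (!isTrustedUrl(url, isDev)) event.preventDefault();
}
```

In the preload script the equivalent gate is `process.isMainFrame` together with `isTrustedUrl(location.href, isDev)` before calling `contextBridge.exposeInMainWorld`, so `window.electron` never exists in an untrusted or embedded document.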

- Add environment-aware origin allowlist (dev origins only in development)
- Implement preload API gating with main-frame check
- Add global IPC sender validation via monkey-patch
- Block same-window navigations/redirects to untrusted URLs
- Add comprehensive unit tests for origin validation
- Update existing IPC handler tests with mock senderFrame
- Configure test environment for development mode
@gregpriday gregpriday merged commit efd074e into main Jan 28, 2026
@gregpriday gregpriday deleted the feature/issue-1889-security-enforce-trusted branch January 28, 2026 19:21