You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I agree to follow the Code of Conduct that this project adheres to.
I have searched the issue tracker for a feature request that matches the one I want to file, without success.
Problem Description
It is currently non-trivial for third parties to supply code for use with Electron that works seamlessly across Electrons processes.
With the current Electron defaults, to get a library working across processes, users have to be instructed to call code from main, preload and renderer and they need to be using a bundler for this to be possible. This means it's currently not possible to build an Electron app following the security guidance without using a bundler.
Allowing third parties to create secure, well-designed modules that can be used easily across Electrons process model would be a good thing for users!
Proposed Solution
Supply a secure way to inject code into the preload or a means to configure a contextBridge from the main process
Using paths to preload scripts will not work if the main process is bundled
Additional bonus if we can inject code into the renderers
Add missing APIs like before-browser-window-created which are required to support various plugins that manipulate BrowserWindow
Alternatives Considered
It's possible to use custom protocols to work around this but this is not ideal.
Additional Information
Tauri obviously doesn't have many of the same hurdles as Electron but its plugin system allows configuration of everything from the plugin:
Setup in main process
Define exposed IPC APIs
Inject renderer code
This makes it really easy to supply secure reliable plugins that include everything the user needs.
The text was updated successfully, but these errors were encountered:
There are too many constraints, which makes many people unwilling to upgrade the version. It is recommended to go back to the previous configuration mode enableRemoteModule
+1 😄
You can already implement this using existing Electron APIs. The only thing that is missing is the proposed before-browser-window-created event, which is being tracked by a separate issue.
Preflight Checklist
Problem Description
It is currently non-trivial for third parties to supply code for use with Electron that works seamlessly across Electrons processes.
With the current Electron defaults, to get a library working across processes, users have to be instructed to call code from main, preload and renderer and they need to be using a bundler for this to be possible. This means it's currently not possible to build an Electron app following the security guidance without using a bundler.
Allowing third parties to create secure, well-designed modules that can be used easily across Electrons process model would be a good thing for users!
Proposed Solution
contextBridge
from the main processbefore-browser-window-created
which are required to support various plugins that manipulateBrowserWindow
Alternatives Considered
It's possible to use custom protocols to work around this but this is not ideal.
Additional Information
Tauri obviously doesn't have many of the same hurdles as Electron but its plugin system allows configuration of everything from the plugin:
This makes it really easy to supply secure reliable plugins that include everything the user needs.
The text was updated successfully, but these errors were encountered: