chore: increase security of default_app #17318

Merged
merged 1 commit into from Mar 11, 2019

miniak commented Mar 10, 2019

Description of Change

  • enable sandbox
  • disable remote module
  • disable creation of new windows, open in default browser instead
  • apply session.setPermissionRequestHandler()
  • load SVGs via fetch() instead of fs.readFileSync()

/cc @electron/wg-security

Checklist

Release Notes

Notes: Enabled sandbox and disabled remote module in default_app.
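
The first four items in the description above, as an added example for an Electron main process; it is not the code from this pull request. The scheme allow-list, the deny-all permission policy and the `contextIsolation`/`nodeIntegration` settings are assumptions, and `index.html` is a placeholder.

```javascript
// Added illustration; not the code from the pull request.

// Window options for the first two bullets. contextIsolation and
// nodeIntegration are extra assumptions, not named in the PR description.
function hardenedWebPreferences() {
  return {
    sandbox: true,              // renderer runs in the Chromium sandbox
    enableRemoteModule: false,  // no remote.* bridge into the main process
    contextIsolation: true,
    nodeIntegration: false
  };
}

// Only plain web and mail links are handed to the OS (assumed allow-list).
const EXTERNAL_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

function isSafeExternalUrl(rawUrl) {
  try {
    return EXTERNAL_SCHEMES.has(new URL(rawUrl).protocol);
  } catch (err) {
    return false; // unparsable input is never forwarded
  }
}

// The electron module is passed in so the wiring can be exercised with a stub.
function installHardening({ app, shell, session }) {
  // Deny-by-default permission policy (assumption: the app needs none).
  session.defaultSession.setPermissionRequestHandler(
    (webContents, permission, callback) => callback(false));

  app.on('web-contents-created', (event, contents) => {
    // 'new-window' is the Electron 5-era event; later releases use
    // contents.setWindowOpenHandler() instead.
    contents.on('new-window', (e, url) => {
      e.preventDefault(); // never create a child window
      if (isSafeExternalUrl(url)) shell.openExternal(url);
    });
  });
}

// Wire it up only when actually running inside Electron.
if (process.versions.electron) {
  const electron = require('electron');
  electron.app.whenReady().then(() => {
    installHardening(electron);
    new electron.BrowserWindow({ webPreferences: hardenedWebPreferences() })
      .loadFile('index.html'); // placeholder page
  });
}
```

With `sandbox: true` the renderer has no `fs`, which is why the last item in the description switches the SVG loading to `fetch()`.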

@miniak miniak requested a review from electron/wg-security Mar 10, 2019

@miniak miniak self-assigned this Mar 10, 2019

@miniak miniak force-pushed the miniak/default-app branch from b91251d to f9f009b Mar 10, 2019

@miniak miniak added target/5-0-x and removed target/5-0-x labels Mar 10, 2019

@miniak miniak force-pushed the miniak/default-app branch from f9f009b to 6790583 Mar 10, 2019

@miniak miniak changed the title chore: enable sandbox + disable remote module in default_app chore: increase security of default_app Mar 10, 2019

@miniak miniak force-pushed the miniak/default-app branch 7 times, most recently from 73ecca1 to 18621a7 Mar 10, 2019

miniak commented Mar 10, 2019

cc @codebytere for the SVG related changes

@miniak miniak force-pushed the miniak/default-app branch from 18621a7 to b97703c Mar 10, 2019

@electron-cation electron-cation bot removed the new-pr 🌱 label Mar 11, 2019

MarshallOfSound left a comment

Seems legit 👍

@MarshallOfSound MarshallOfSound merged commit a8698d0 into master Mar 11, 2019

6 checks passed

Semantic Pull Request ready to be squashed
appveyor: win-ia32-testing AppVeyor build succeeded
appveyor: win-ia32-testing-pr AppVeyor build succeeded
appveyor: win-x64-testing AppVeyor build succeeded
appveyor: win-x64-testing-pr AppVeyor build succeeded
release-notes Release notes found
release-clerk bot commented Mar 11, 2019

Release Notes Persisted

Enabled sandbox and disabled remote module in default_app.

@MarshallOfSound MarshallOfSound deleted the miniak/default-app branch Mar 11, 2019
