Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove sandbox: false from electron-vite-boilerplate and quick-start #21

Open
4 tasks done
MichaelJCole opened this issue Nov 14, 2023 · 1 comment
Open
4 tasks done

Remove sandbox: false from electron-vite-boilerplate and quick-start #21

MichaelJCole opened this issue Nov 14, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@MichaelJCole
Copy link

Clear and concise description of the problem

Hi, I'm looking to integrate nuxt with electron. I'm coming from the Quasar project. Quasar uses electron-vite.

I started with nuxt-electron plugin, but it disables a bunch of security features in electron.

This is the most secure config I could get to get the example started.

  win = new BrowserWindow({
    webPreferences: {
      preload,
      // nodeIntegrationInWorker: true,
      contextIsolation: false,
      nodeIntegration: true,
      // webSecurity: false,
    },
  });

I'm coming from Quasar, which appears to use electron-vite. The most secure config I can get is:

  mainWindow = new BrowserWindow({
    icon: path.resolve(__dirname, 'icons/icon.png'), // tray icon
    width: 1000,
    height: 600,
    useContentSize: true,
    webPreferences: {
      contextIsolation: true,
      // More info: https://v2.quasar.dev/quasar-cli-vite/developing-electron-apps/electron-preload-script
      preload: path.resolve(__dirname, process.env.QUASAR_ELECTRON_PRELOAD),
    },
  });

So why not use electron-vite directly? The most secure config I can get seems to be with the sandbox turned off:

  const mainWindow = new BrowserWindow({
    width: 900,
    height: 670,
    show: false,
    autoHideMenuBar: true,
    ...(process.platform === 'linux' ? { icon } : {}),
    webPreferences: {
      preload: join(__dirname, '../preload/index.js'),
      sandbox: false
    }
  })

If I enable the sandbox content doesn't show in the vue-typescript version. This seems to be the default for quickstart and electron-vite-boilerplate

What is Quasar doing with electron-vite to allow enabling the sandbox? Quasar appears to install electron-vite here and only needs to turn off sandbox to use @electron/remote

I don't see @electron/remote in the quick-start, why is sandbox: false needed?

Thank you!

Used Scaffolding

create-electron

Suggested solution

Use IPC in the examples.

Alternative

No response

Additional context

No response

Validations
@MichaelJCole MichaelJCole added the enhancement New feature or request label Nov 14, 2023
@alex8088
Copy link
Owner

Thanks for your suggestion. It is really necessary to add an example using ipc in the template. Of course you can get more in the documentation.

About sandbox:

Read more in Limitations of Sandboxing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MichaelJCole @alex8088