Electron v11 support #155
Comments
|
Hi @pierreraii , Sorry for the delay and hope you had a happy new year. Do you mind posting what the error message is? |
|
Hello @jviotti, The error is something like (Will try to edit this with a screenshot later): 'app of undefined' (Debugger points to remote being undefined in electron.remote.app which triggers the error) and this is caused by setting enableRemoteModule to false |
|
@jviotti are there plans to support |
|
Hey @slapbox , I'm thinking
const storage = require('electron-json-storage')
...
electron.contextBridge.exposeInMainWorld('storage', storage)The reason why I'm hesitant about making this a default shipped as part of the module is that What do you think? |
|
Hey @jviotti thanks for your reply! I figured basically the same as you about just using I tested this by cloning https://github.com/reZach/secure-electron-template and installing electron-json-storage, and then exposing it how you did: const storage = require('electron-json-storage');
contextBridge.exposeInMainWorld("api", {
storage
});And then I realized I needed to enable What sort of sizes of JSON documents do you think need to be planned for on the upper end? As I understand it the structured clone IPC is extremely efficient but overhead is still overhead. That said, security seems like a more paramount concern for more people in more cases. My two cents, the plan should probably be to make
|
Right now this module will crash when being ran on a renderer process that cannot access the `remote` module for determining a default data path. After this commit, the module will gracefully require users to call `.setDataPath()` if `remote.app` cannot be accessed. See: #155 Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
Right now this module will crash when being ran on a renderer process that cannot access the `remote` module for determining a default data path. After this commit, the module will gracefully require users to call `.setDataPath()` if `remote.app` cannot be accessed. See: #155 Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
That is a great point! I've sent #159 to try to auto-detect if the remote module is available from a renderer process and if not gracefully fallback to requesting the user to manually set a data path. I couldn't test it yet but I suspect that you can just check if Do you happen to know if there is a way to run
The IPC mechanism is probably very efficient. The less efficient part that I worry about is deep cloning JavaScript objects/arrays before sending them through IPC. This means that we would be effectively serializing/deserializing objects/arrays twice (once for IPC, and another one to store/retrieve from files).
Yeah, I think that makes sense given the direction Electron is taking. I'll try to send a PR making this the default so we see how it performs, and merge it if everything is fine (probably with a major version bump). |
|
@slapbox As an aside, you are doing a lot of work around this module, so I wonder if you would be open to co-maintaining this project. I believe I can you invited into this org if so. What do you think? |
Right now this module will crash when being ran on a renderer process that cannot access the `remote` module for determining a default data path. After this commit, the module will gracefully require users to call `.setDataPath()` if `remote.app` cannot be accessed. See: #155 Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
|
@slapbox The PR I sent you seems to make the module work fine with nodeIntegration: false,
contextIsolation: true,
enableRemoteModule: false,And whose preload script runs: const { contextBridge } = require('electron')
const storage = require('electron-json-storage')
contextBridge.exposeInMainWorld('api', {
storage
}) |
|
I guess that what we can do is detect if contextBridge.exposeInMainWorld('storage', require('electron-json-storage')) |
|
However keep in mind that I believe this does need to be done from within the preload script. So we would have to update the README to tell people to just add the following line to their preload script: Or something like that. |
|
I published v4.4.0 with the latest fix |
|
Unfortunately I'm not sure about I'd be open to helping to maintain, but I have to mention that I've got no experience with open source projects besides one-off pull requests and rambling in the issue trackers. I'd be happy to help how I can though. I'm looking forward to giving your new PR a try! We have a few other packages we still need to get ready for On the topic of what should be in the README, I think that we should mention best practices are to expose as little of the module as you need. So what we've ended up doing is something like this: const jsonStorage = {
set: (...args) => electronJsonStorage.set(...args),
getAsync: async (...args) =>
new Promise((resolve, reject) => {
electronJsonStorage.get(...args, (err, data) => {
if (err) reject(err);
resolve(data);
});
}),
};
window.api = {
jsonStorage
}In particular my concern here was that the storage directory path could be changed. It's a minor risk for sure, but it's perhaps a useful demonstration for people implementing preload/ Obviously it would be trivial to overwrite a given key with this setup so ideally a user might go even further to hardcode the keys that are allowed to be |
Yeah, feel free to send a PR updating the README promoting best practices! |
Was upgrading today to Electron v11
Using: electron-json-storage v4.3.0
Even after passing the data path form main_process to the renderer_process, and setting storage.setDataPath() in the renderer_process an error is being triggered by the utils.js line 30 (const app = electron.app || electron.remote.app)
I am calling storage.setDataPath() with the relevant path first thing after requiring the electron-json-storage module
The text was updated successfully, but these errors were encountered: