chore: Add new webFrame IsolatedWorldInfo API and deprecate

atom/renderer/api/atom_api_web_frame.cc

@@ -344,6 +344,40 @@ void WebFrame::SetIsolatedWorldHumanReadableName(int world_id,
       world_id, blink::WebString::FromUTF8(name));
 }
 
+void WebFrame::SetIsolatedWorldInfo(int world_id, mate::Arguments* args) {
+  if (args->Length() < 1) {
+    args->ThrowError("Invalid args");
+    return;
+  }
+
+  v8::Local<v8::Value> val;
+  args->GetNext(&val);
+
+  mate::Dictionary options;
+  if (!mate::ConvertFromV8(args->isolate(), val, &options)) {
+    args->ThrowError("Must pass valid object");
+    return;
+  }
+
+  std::string origin, csp, name;
+  options.Get("securityOrigin", &origin);
+  options.Get("csp", &csp);
+  options.Get("name", &name);
+
+  if (!csp.empty() && origin.empty()) {
+    args->ThrowError(
+        "If csp is spicified, securityOrigin should also be specified");
+    return;
+  }
+
+  if (!origin.empty())
+    SetIsolatedWorldSecurityOrigin(world_id, origin);
+  if (!csp.empty())
+    SetIsolatedWorldContentSecurityPolicy(world_id, csp);
+  if (!name.empty())
+    SetIsolatedWorldHumanReadableName(world_id, name);
+}
+
 // static
 mate::Handle<WebFrame> WebFrame::Create(v8::Isolate* isolate) {
   return mate::CreateHandle(isolate, new WebFrame(isolate));
@@ -478,12 +512,13 @@ void WebFrame::BuildPrototype(v8::Isolate* isolate,
       .SetMethod("executeJavaScript", &WebFrame::ExecuteJavaScript)
       .SetMethod("executeJavaScriptInIsolatedWorld",
                  &WebFrame::ExecuteJavaScriptInIsolatedWorld)
-      .SetMethod("setIsolatedWorldSecurityOrigin",
+      .SetMethod("_setIsolatedWorldSecurityOrigin",
                  &WebFrame::SetIsolatedWorldSecurityOrigin)
-      .SetMethod("setIsolatedWorldContentSecurityPolicy",
+      .SetMethod("_setIsolatedWorldContentSecurityPolicy",
                  &WebFrame::SetIsolatedWorldContentSecurityPolicy)
-      .SetMethod("setIsolatedWorldHumanReadableName",
+      .SetMethod("_setIsolatedWorldHumanReadableName",
                  &WebFrame::SetIsolatedWorldHumanReadableName)
+      .SetMethod("setIsolatedWorldInfo", &WebFrame::SetIsolatedWorldInfo)
       .SetMethod("getResourceUsage", &WebFrame::GetResourceUsage)
       .SetMethod("clearCache", &WebFrame::ClearCache)
       .SetMethod("getFrameForSelector", &WebFrame::GetFrameForSelector)

atom/renderer/api/atom_api_web_frame.h

@@ -75,7 +75,7 @@ class WebFrame : public mate::Wrappable<WebFrame> {
       int world_id,
       const std::string& security_policy);
   void SetIsolatedWorldHumanReadableName(int world_id, const std::string& name);
-
+  void SetIsolatedWorldInfo(int world_id, mate::Arguments* args);
   // Resource related methods
   blink::WebCache::ResourceTypeStats GetResourceUsage(v8::Isolate* isolate);
   void ClearCache(v8::Isolate* isolate);

docs/api/breaking-changes.md

@@ -71,6 +71,23 @@ Child windows opened with the `nativeWindowOpen` option will always have Node.js
 Renderer process APIs `webFrame.setRegisterURLSchemeAsPrivileged` and `webFrame.registerURLSchemeAsBypassingCSP` as well as browser process API `protocol.registerStandardSchemes` have been removed.
 A new API, `protocol.registerSchemesAsPrivileged` has been added and should be used for registering custom schemes with the required privileges. Custom schemes are required to be registered before app ready.
 
+## webFrame Isolated World APIs 
+
+```js
+// Deprecated
+webFrame.setIsolatedWorldContentSecurityPolicy(worldId, csp)
+webFrame.setIsolatedWorldHumanReadableName(worldId, name)
+webFrame.setIsolatedWorldSecurityOrigin(worldId, securityOrigin)
+// Replace with
+webFrame.setIsolatedWorldInfo(
+  worldId,
+  {
+    securityOrigin: 'some_origin',
+    name: 'human_readable_name',
+    csp: 'content_security_policy'
+  })
+```
+
 # Planned Breaking API Changes (4.0)
 
 The following list includes the breaking API changes made in Electron 4.0.

docs/api/web-frame.md

@@ -148,6 +148,16 @@ Set the name of the isolated world. Useful in devtools.
 
 Set the security origin of the isolated world.
 
+### `webFrame.setIsolatedWorldInfo(worldId, info)`
+* `worldId` Integer - The ID of the world to run the javascript in, `0` is the default world, `999` is the world used by Electrons `contextIsolation` feature.  You can provide any integer here.
+* `info` Object
+  * `securityOrigin` String (optional) - Security origin for the isolated world.
+  * `csp` String (optional) - Content Security Policy for the isolated world.
+  * `name` String (optional) - Name for isolated world. Useful in devtools.
+
+Set the security origin, content security policy and name of the isolated world.
+Note: If the `csp` is specified, then the `securityOrigin` also has to be specified.
+
 ### `webFrame.getResourceUsage()`
 
 Returns `Object`:

lib/renderer/api/web-frame.js

@@ -2,12 +2,27 @@
 
 const { EventEmitter } = require('events')
 const { webFrame, WebFrame } = process.atomBinding('web_frame')
+const { deprecate } = require('electron')
 
 // WebFrame is an EventEmitter.
 Object.setPrototypeOf(WebFrame.prototype, EventEmitter.prototype)
 EventEmitter.call(webFrame)
 
 // Lots of webview would subscribe to webFrame's events.
 webFrame.setMaxListeners(0)
+webFrame.setIsolatedWorldSecurityOrigin = (worldId, securityOrigin) => {
+  deprecate.warn('webFrame.setIsolatedWorldSecurityOrigin', 'webFrame.setIsolatedWorldInfo')
+  webFrame._setIsolatedWorldSecurityOrigin(worldId, securityOrigin)
+}
+
+webFrame.setIsolatedWorldContentSecurityPolicy = (worldId, csp) => {
+  deprecate.warn('webFrame.setIsolatedWorldContentSecurityPolicy', 'webFrame.setIsolatedWorldInfo')
+  webFrame._setIsolatedWorldContentSecurityPolicy(worldId, csp)
+}
+
+webFrame.setIsolatedWorldHumanReadableName = (worldId, name) => {
+  deprecate.warn('webFrame.setIsolatedWorldHumanReadableName', 'webFrame.setIsolatedWorldInfo')
+  webFrame._setIsolatedWorldHumanReadableName(worldId, name)
+}
 
 module.exports = webFrame