Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: increase security of default_app #17318

Merged
merged 1 commit into from Mar 11, 2019
Merged

chore: increase security of default_app #17318

merged 1 commit into from Mar 11, 2019

Conversation

miniak
Copy link
Contributor

@miniak miniak commented Mar 10, 2019
edited

Description of Change

  • enable sandbox
  • disable remote module
  • disable creation of new windows, open in default browser instead
  • apply session.setPermissionRequestHandler()
  • load SVGs via fetch() instead of fs.readFileSync()

/cc @electron/wg-security

Checklist

Release Notes

Notes: Enabled sandbox and disabled remote module in default_app.

@miniak miniak requested a review from a team March 10, 2019 10:43
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Mar 10, 2019
@miniak miniak self-assigned this Mar 10, 2019
@miniak miniak changed the title chore: enable sandbox + disable remote module in default_app chore: increase security of default_app Mar 10, 2019
@miniak miniak force-pushed the miniak/default-app branch 7 times, most recently from 73ecca1 to 18621a7 Compare March 10, 2019 14:29
@miniak
Copy link
Contributor Author

miniak commented Mar 10, 2019

cc @codebytere for the SVG related changes

@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Mar 11, 2019
MarshallOfSound
MarshallOfSound approved these changes Mar 11, 2019
View reviewed changes
Copy link
Member

@MarshallOfSound MarshallOfSound left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems legit 👍

@MarshallOfSound MarshallOfSound merged commit a8698d0 into master Mar 11, 2019
@release-clerk
Copy link

release-clerk bot commented Mar 11, 2019

Release Notes Persisted

Enabled sandbox and disabled remote module in default_app.

@MarshallOfSound MarshallOfSound deleted the miniak/default-app branch March 11, 2019 23:13
kiku-jw pushed a commit to kiku-jw/electron that referenced this pull request May 16, 2019
@miniak @kiku-jw
chore: increase security of default_app (electron#17318)
b7ea046
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees

@miniak miniak

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@miniak @codebytere @MarshallOfSound