Building a Secure Electron App

栏目: IT技术 · 发布时间: 4年前

内容简介:The best way to build Electron apps with security in mind.If you are curious about what makes an electron app secure, please check outTaken from the

secure-electron-template

The best way to build Electron apps with security in mind.

If you are curious about what makes an electron app secure, please check out this page .

Features

Taken from the best-practices official page, here is what this repository offers!

  1. Only load secure content - (Need help!)
  2. Do not enable node.js integration for remote content - :white_check_mark:
  3. Enable context isolation for remote content - :white_check_mark:
  4. Handle session permission requests from remote content - :white_check_mark:
  5. Do not disable websecurity - :white_check_mark:
  6. Define a content security policy - :white_check_mark:
  7. Do not set allowRunningInsecureContent to true - :white_check_mark:
  8. Do not enable expirimental features - :white_check_mark:
  9. Do not use enableBlinkFeatures - :white_check_mark:
  10. Do not use allowpopups - :white_check_mark:
  11. <webview> verify options and params - :white_check_mark:
  12. Disable or limit navigation - :white_check_mark:
  13. Disable or limit creation of new windows - :white_check_mark:
  14. Do not use openExternal with untrusted content - :white_check_mark:
  15. Disable remote module - :white_check_mark:
  16. Filter the remote module - todo!
  17. Use a current version of electron - :white_check_mark:

Included frameworks

Built-in to this template are a number of popular frameworks already wired up to get you on the road running.

Roadmap

There are a number of additions that I'd like to implement in this repository, namely:

Both of these plans are being held back by some enhancements I'm going to tackle detailed in this issue . They will come soon.

I'd also like to get features such as auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).

Architecture

For a more detailed view of the architecture of the template, please check out here . I would highly recommend reading this document to get yourself familiarized with this template.

How to get started

git clone https://github.com/reZach/secure-electron-template.git
cd secure-electron-template
npm i
npm run dev

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

大转换

大转换

尼古拉斯·卡尔 / 闫鲜宁、张付国 / 中信 / 2016-2 / 49

1、我们这个时代最清醒的思考者之一尼古拉斯·卡尔继《浅薄》《玻璃笼子》之后又一重磅力作。 2、在这部跨越历史、经济和技术领域的著作中,作者从廉价的电力运营方式对社会变革的深刻影响延伸到互联网对我们生活的这个世界的重构性影响。 3、《快公司》《金融时报》《华尔街日报》联袂推荐 简介 早在2003年,尼古拉斯·卡尔先生发表在《哈佛商业评论》上的一篇文章——IT Doesn't ......一起来看看 《大转换》 这本书的介绍吧!

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

正则表达式在线测试
正则表达式在线测试

正则表达式在线测试

RGB HSV 转换
RGB HSV 转换

RGB HSV 互转工具