Building a Secure Electron App
source link: https://github.com/reZach/secure-electron-template
secure-electron-template
The best way to build Electron apps with security in mind.
If you are curious about what makes an Electron app secure, please check out this page.
Features
Taken from the official best-practices page, here is what this repository offers!
- Only load secure content - (Need help!)
- Do not enable node.js integration for remote content - :white_check_mark:
- Enable context isolation for remote content - :white_check_mark:
- Handle session permission requests from remote content - :white_check_mark:
- Do not disable webSecurity - :white_check_mark:
- Define a content security policy - :white_check_mark:
- Do not set allowRunningInsecureContent to true - :white_check_mark:
- Do not enable experimental features - :white_check_mark:
- Do not use enableBlinkFeatures - :white_check_mark:
- Do not use allowpopups - :white_check_mark:
- <webview> verify options and params - :white_check_mark:
- Disable or limit navigation - :white_check_mark:
- Disable or limit creation of new windows - :white_check_mark:
- Do not use openExternal with untrusted content - :white_check_mark:
- Disable remote module - :white_check_mark:
- Filter the remote module - todo!
- Use a current version of Electron - :white_check_mark:
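Several of the items above map directly to `webPreferences` options on a `BrowserWindow`. The following is an added example, not code from this repository: a small linter that checks a `webPreferences` object against those items. The function name, the rule table and the two sample configurations are constructed for illustration, and the `enableRemoteModule` rule assumes an Electron version that still ships the remote module.

```javascript
// Added example: lint a BrowserWindow `webPreferences` object against the checklist.
// Each rule: [option, isSafe(value), mustBeExplicit, checklist item it enforces].
const RULES = [
  ["nodeIntegration", (v) => v === false, true, "Do not enable node.js integration for remote content"],
  ["contextIsolation", (v) => v === true, true, "Enable context isolation for remote content"],
  ["enableRemoteModule", (v) => v === false, true, "Disable remote module"],
  ["webSecurity", (v) => v !== false, false, "Do not disable webSecurity"],
  ["allowRunningInsecureContent", (v) => v !== true, false, "Do not set allowRunningInsecureContent to true"],
  ["experimentalFeatures", (v) => v !== true, false, "Do not enable experimental features"],
  ["enableBlinkFeatures", (v) => v === undefined || v === "", false, "Do not use enableBlinkFeatures"],
];

// Returns one finding per violated checklist item; an empty array means the object passes.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [option, isSafe, mustBeExplicit, item] of RULES) {
    const value = prefs[option];
    if (value === undefined && mustBeExplicit) {
      // Defaults for these options changed between Electron releases, so require them to be pinned.
      findings.push({ option, item, reason: "not set explicitly; default depends on the Electron version" });
    } else if (!isSafe(value)) {
      findings.push({ option, item, reason: `unsafe value ${JSON.stringify(value)}` });
    }
  }
  return findings;
}

// Constructed sample configurations (not taken from the template).
const hardened = { nodeIntegration: false, contextIsolation: true, enableRemoteModule: false };
const risky = { nodeIntegration: true, webSecurity: false, enableBlinkFeatures: "CSSVariables" };

for (const f of auditWebPreferences(risky)) {
  console.log(`${f.option}: ${f.item} (${f.reason})`);
}
console.log(`hardened findings: ${auditWebPreferences(hardened).length}`);
```

Items such as the content security policy, permission request handling and navigation limits are enforced at runtime rather than through `webPreferences`, so this check does not cover them.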
Included frameworks
Built into this template are a number of popular frameworks, already wired up so you can hit the ground running.
- Electron
- React
- Redux (with Redux Toolkit)
- Babel
- Webpack (with webpack-dev-server)
- Electron builder (for packaging up your app)
Roadmap
There are a number of additions that I'd like to implement in this repository, namely:
- i18next (for localization). A package has already been started for this work.
- An Electron store (to save user data), similar to this package
Both of these plans are being held back by some enhancements I'm going to tackle, detailed in this issue. They will come soon.
I'd also like to get features such as auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).
Architecture
For a more detailed view of the architecture of the template, please check out here. I would highly recommend reading this document to familiarize yourself with this template.
How to get started
git clone https://github.com/reZach/secure-electron-template.git
cd secure-electron-template
npm i
npm run dev