-
Notifications
You must be signed in to change notification settings - Fork 65
WEB_SECURITY_HTML_CHECK
Anthony Trummer edited this page Jan 6, 2022
·
4 revisions
This flag gives access to the underlying disablewebsecurity Chromium option. When
this attribute is present, the guest page will have web security disabled. For instance, the
Same-Origin Policy (SOP) will not be enforced.
Please note that the Same-Origin Policy is not strictly enforced by the current implementation of Electron, due to a design flaw. As a result, this option is practically irrelevant at the moment.
When enabled, SOP is not enforced and mixed content is allowed (e.g., HTTPS page using JavaScript, CSS from HTTP origins).
In the webview tag, look for disablewebsecurity attribute:
<webview src="https://doyensec.com/" disablewebsecurity></webview>Additionally, search for the runtime flag —disable-web-security in the package.json, and within the application codebase.