-
Notifications
You must be signed in to change notification settings - Fork 70
HTTP_RESOURCES_JS_CHECK
Anthony Trummer edited this page Jan 6, 2022
·
4 revisions
When using HTTP as the transport, security is provided by Transport Layer Security (TLS). TLS, and its predecessor SSL, are widely used on the Internet to authenticate a service to a client, and then to provide confidentiality to the channel. Transport security is a critical mechanism for every Electron application.
Directly fetching content using plain-text HTTP opens your application to Man-in-the-Middle attacks.
Man-in-the-Middle attacks. If nodeIntegration is also enabled, an attacker can inject malicious JavaScript and compromise the user’s host.
Look for resources loaded using http, for example:
const win = new BrowserWindow({...});
win.loadURL('http://example.com/');