electron-userland / electron-webpack

Scripts and configurations to compile Electron applications using webpack
https://webpack.electron.build/

Update Electron-Webpack to use Electron security guidelines #425

Open 149segolte opened 3 years ago

149segolte commented 3 years ago

- Electron-Builder: v22.9.1
- Electron: v11.2.2
- Webpack: v4.46.0
- Electron-Webpack: v2.8.2

Platform: Windows

I am working on an Electron project that requires remote content to be loaded to function properly. As per the security guidelines found in the Electron docs (https://www.electronjs.org/docs/tutorial/security), the renderer process should have context isolation turned on, with node integration and the remote module turned off. Electron's v12 release is going to make this change the default.

Electron-Webpack seems to use a hardcoded require when using html-webpack-plugin to generate the template in development mode. This prevents the application from being tested with node integration turned off. This issue seems to be resolved by moving the source-map-support module from the template head to the preload script. But it will require electron-webpack to use a preload script by default, forcing other projects that don't use a preload script to implement the change.

If a project uses the above workaround, the preload script does not seem to be loaded correctly, which prevents the contextBridge module from exposing APIs from the isolated context. I have been able to replicate this issue with the electron-webpack-quick-start boilerplate and was not able to find a solution to this problem.

As Electron is moving forward by implementing more security-centric changes, this project should also support these changes, as a future Electron release might break source-map-support in the renderer process.

There seems to be an issue already open, #392, but it only describes the .ejs template. There, the "require not defined" errors are caused by the source-map-support module.

Sources: The workaround: https://gist.github.com/earksiinni/053470a04defc6d7dfaacd5e5a073b15
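
The settings and the template problem described in this issue can be checked mechanically. The following is an added example, not part of the original issue or of electron-webpack's code: `effectivePrefs`, `auditRenderer` and `sampleTemplate` are hypothetical names, and the HTML is a constructed sample of a dev template with an inline `require` in its head.

```javascript
// Added example: audit a BrowserWindow's webPreferences against the guideline
// quoted in the issue, and flag inline require() calls in the page template.
// Upstream defaults by Electron major version: nodeIntegration is false since 5,
// enableRemoteModule is false since 10 (the module was removed in 14),
// contextIsolation is true since 12.
function effectivePrefs(webPreferences = {}, electronMajor) {
  const defaults = {
    nodeIntegration: electronMajor < 5,
    enableRemoteModule: electronMajor < 10,
    contextIsolation: electronMajor >= 12,
  };
  return { ...defaults, ...webPreferences };
}

function auditRenderer(webPreferences, electronMajor, html = '') {
  const p = effectivePrefs(webPreferences, electronMajor);
  const findings = [];
  if (p.nodeIntegration) findings.push('nodeIntegration is enabled');
  if (!p.contextIsolation) findings.push('contextIsolation is disabled');
  if (p.enableRemoteModule) findings.push('remote module is enabled');
  // Inline scripts (no src attribute) that call require() throw
  // "require is not defined" once nodeIntegration is off.
  const inline = /<script(?![^>]*\bsrc=)[^>]*>([\s\S]*?)<\/script>/gi;
  for (const m of html.matchAll(inline)) {
    if (!p.nodeIntegration && /\brequire\s*\(/.test(m[1])) {
      findings.push('inline script calls require() but nodeIntegration is off');
    }
  }
  return findings;
}

// Constructed sample template, not copied from electron-webpack.
const sampleTemplate = `<!DOCTYPE html><html><head>
<script>require("source-map-support/source-map-support.js").install()</script>
</head><body><div id="app"></div></body></html>`;

// Electron 11 with only contextIsolation set explicitly, as in the issue's setup.
console.log(auditRenderer({ contextIsolation: true }, 11, sampleTemplate));
```
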