Closed jschr closed 6 years ago
Awesome! 🎉 I'd say we can live with insecure content warnings coming from browser-sync, since it's a development-only issue and shouldn't affect production.
The tricky part was that complying with the new security fixes breaks browser-sync. Got stuck trying to figure out how to only enable the content security policy in production. I'm sure there's a way to do it though and a week off should help :-)
The problem is adding this meta tag breaks browser sync and AFAIK there's no way to conditionally apply it in index.html: https://github.com/jschr/electron-react-redux-boilerplate/compare/update-electron#diff-b9707fe88797285e93483456d1389b61R5
Using the onHeadersReceived callback is supposed to be another way to set the policy but my first attempt didn't work either: https://github.com/jschr/electron-react-redux-boilerplate/compare/update-electron#diff-3c56f1dfc265d93d754c52ea6397c36aR55
Yeah, maybe we can whitelist browser-sync's URL when starting Electron from serve.js. Need to investigate this.
FYI: since you're working on this PR, you can use

```js
mainWindow.loadFile('build/index.html');
```

instead of

```js
mainWindow.loadURL(
  url.format({
    pathname: path.join(__dirname, 'index.html'),
    protocol: 'file:',
    slashes: true,
  }),
);
```

We can then remove the following imports from main.js too (since they will be unused):

```js
import path from 'path';
import url from 'url';
```

That's something new in Electron 2.0.
Electron 2+ contains some security fixes. I took a stab at updating but ran into a bunch of warnings / errors trying to get browser sync working with a content security policy.
I gave up trying to fix the warnings for dev – progress here.
I'll be away for a couple weeks so I can pick this up after.
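
One way to apply the policy only to the production page, as an added example that is not code from this thread or from the boilerplate: inject the CSP meta tag into index.html at build time and leave the development template untouched. The function names, the `env` argument, the sample template and the sample policy are assumptions.

```javascript
// Added example: build-time CSP injection, not the boilerplate's own code.
// PROD_POLICY is a constructed sample policy; adapt the directives to your app.
const PROD_POLICY = "default-src 'self'; script-src 'self'; object-src 'none'";

// Matches an existing CSP <meta> tag, whatever the attribute order or quoting.
const CSP_META_RE =
  /<meta\b(?=[^>]*http-equiv\s*=\s*["']?content-security-policy["']?)[^>]*>\s*/gi;

// Escape characters that would end the double-quoted content attribute.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Return html with exactly one CSP meta tag as the first child of <head>,
// so the policy is in force before any script or stylesheet is parsed.
function injectCspMeta(html, policy) {
  const stripped = html.replace(CSP_META_RE, '');
  const head = /<head\b[^>]*>/i.exec(stripped);
  if (!head) {
    throw new Error('no <head> element: refusing to emit a page without a CSP');
  }
  const at = head.index + head[0].length;
  const tag = `\n    <meta http-equiv="Content-Security-Policy" content="${escapeAttr(policy)}">`;
  return stripped.slice(0, at) + tag + stripped.slice(at);
}

// Development keeps the template untouched so browser-sync's injected client
// still loads; every other value of env (including undefined) gets the policy.
function prepareIndexHtml(template, env) {
  return env === 'development' ? template : injectCspMeta(template, PROD_POLICY);
}

// Constructed sample template.
const SAMPLE = `<!DOCTYPE html>
<html>
  <head lang="en">
    <meta charset="utf-8">
    <title>App</title>
  </head>
  <body><div id="root"></div><script src="app.js"></script></body>
</html>`;

console.log(prepareIndexHtml(SAMPLE, 'production'));
```

Electron's security documentation notes that a header-delivered policy cannot be used for pages loaded over `file://`, which is why this sketch works on the markup. The check fails closed: a missing or misspelled environment value still gets the policy.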