search

leo / electron-next

Build Electron apps using Next.js
https://github.com/leo/site/blob/beef3a7dc1dfd435a9d8377e3b1b59761ccb7fc7/pages/2017/electron-next.js
MIT License
548 stars 41 forks source link

Electron Security Warning #16

Open jasford opened 6 years ago

jasford commented 6 years ago

Thanks for creating this! I followed the walkthrough blog post and when I run the app in development mode (npm start) and open the console from inside the app, I see this warning:

image

I think this is being triggered by the live reload parts of NextJS—so I think this is more of a false-flag warning, but I would like to not just get in the habit of ignoring that warning since it would be useful to know if I accidentally introduced a security hole by loading external content outside of a ` in my actual app.

I tried turning off nodeIntegration since I don't need it for my app, like this:

  mainWindow = new BrowserWindow({
    width: 800,
    height: 600,
    webPreferences: { nodeIntegration: false},
  })

But that just got me a full-blown error in the console:

image

Any ideas on how to get the hot reload to run locally so this warning is not triggered and/or so we could run with nodeIntegration: false?

HaNdTriX commented 6 years ago

This is because your webpack target is electron-renderer so webpack assumes require is defined.

Solutions

Change your webpack.target (recommended)

Change your webpack.target to be web (See next.config.js).

Docs | Code

Enable nodeIntegration

Or you can enable nodeIntegration in your WebView/BrowserWindow and remove the warnings by setting ELECTRON_DISABLE_SECURITY_WARNINGS on either process.env or the window object.

Docs

For a full example check out https://github.com/zeit/next.js/pull/4386