Add chrome config flags

[geekytime]

Adds basic config options for the Electron chrome args.

[geekytime]

Closing this for now. I'm going to work in my fork for a bit while I get some of these new features solidified.

[geekytime]

What about setting a flags property on the chrome-args object, that takes an array of flags?

These are literally key-value pairs. Why would we want to use an array for that? In the case of these flags, the key is "no-proxy-server" and the value is empty/"". Why is that a problem?

[LongLiveCHIEF]

For the same reason using a boolean didn't sound right to you, (because it will cause confusion), an empty string doesn't sound right to me. Having a "" feels like a placeholder for something, when anything you put there will be ignored.

[geekytime]

Having a "" feels like a placeholder for something, when anything you put there will be ignored.

It's not ignored, it's passed as the value for the flag.

[LongLiveCHIEF]

The value isn't utilized, so it wouldn't matter if it was a boolean, or a string. To me, that just smells of a potential security hole. It's a place where someone could sneak in a function and distribute a build that had nefarious purposes.

By making it an array, we use a more appropriate construct for the type of data, and reduce the likelihood of introducing security flaws.

:-1:

[geekytime]

Feel free to submit a PR demonstrating the vulnerability.

[LongLiveCHIEF]

[geekytime]

Oh, well, if Darth Vader agrees with you, then it must be right. :smile_cat:

[LongLiveCHIEF]

Challenge accepted....

I'm going to use this vulnerability to make the app load up Fox News (as a placeholder for [displaying/loading dangerous site/resource]. Would that be an acceptable demonstration of vulnerability?

[geekytime]

How is that a vulnerability? If people want to ruin the app, there are lots of ways to do that...

[geekytime]

We need to be able to provide quite a bit of flexibility of configuration for the Chromium instance, due to various network configurations. If you can make an argument that a particular flag is too dangerous to allow through, I'm willing to blacklist certain flags, but that's a different discussion than whether the config should be an array.