search

thombruce / notes-app

📝 In-browser and offline notes app built on Vue.js.
MIT License
0 stars 0 forks source link

Determine whether setting securityOrigin is necessary/beneficial #2

Closed thombruce closed 3 years ago

thombruce commented 3 years ago

https://www.electronjs.org/docs/api/web-frame#webframesetisolatedworldinfoworldid-info

const { webFrame } = require('electron')
webFrame.setIsolatedWorldInfo(someInteger, { // someInteger sets JS isolated world, default is 0, some are reserved
  securityOrigin: someStringValue,
  name: someStringValue
})

The concern is that if we don't set our own securityOrigin... does our app share an environment, including indexedDB, with other apps? In which case... potential data leakage? And also... necessity to namespace db tables.

thombruce commented 3 years ago

As discussed in #3, I'm putting a pin in publishing for desktop. Closing for now.