electron-csp-test

Clone and run for an example of Electron Issue 6465

This is a minimal Electron application used to reproduce the issue where you can only register certain protocol schemes (i.e. https, file) as bypassing a page's CSP policy with webFrame.registerURLSchemeAsBypassingCSP(scheme) instead of being able to use a finer control over bypassing a page's CSP policy with things like CSP Source Lists like http://*.example.com

Explanation of the application:

The main browser window loads two webviews. Both webviews load https://github.com.
Both webviews try to load a remote script from https://hosted-script.herokuapp.com/alert.js
One webview registers the scheme https as bypassing CSP, which works as can be seen by the console log in the developer tools of the webview:

The other webview registers the scheme https://\*.herokuapp.com, which fails because the script is blocked by github's CSP scheme as can be seen by the console log in the developer tools of the webview:

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
screenshots		screenshots
.gitignore		.gitignore
README.md		README.md
index.html		index.html
main.js		main.js
package.json		package.json
preload_csp_https_scheme.js		preload_csp_https_scheme.js
preload_csp_url_scheme.js		preload_csp_url_scheme.js
renderer.js		renderer.js
script.js		script.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

electron-csp-test

About

Releases

Packages

Languages

asaschachar/electron-csp-test

Folders and files

Latest commit

History

Repository files navigation

electron-csp-test

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages