-
Notifications
You must be signed in to change notification settings - Fork 68
HTTP_RESOURCES_HTML_CHECK
Anthony Trummer edited this page Jan 6, 2022
·
2 revisions
When using HTTP as the transport, security is provided by Transport Layer Security (TLS). TLS, and its predecessor SSL, are widely used on the Internet to authenticate a service to a client, and then to provide confidentiality to the channel. Transport security is a critical mechanism for every Electron application.
Directly fetching content using plain-text HTTP opens your application to Man-in-the-Middle attacks.
Man-in-the-Middle attacks. If nodeIntegration is also enabled, an attacker can inject malicious JavaScript and compromise the user’s host.
Look for resources loaded using http, for example:
<webview src="http://doyensec.com"></webview>