Reputation: 55
The default of contextIsolation is deprecated and will be changing from false to true in a future release of Electron
I am new to Electron.js. I was following a youtube tutorial for learning electron but this "The default of contextIsolation is deprecated and will be changing from false to true in a future release of Electron. See https://github.com/electron/electron/issues/23506 for more information" appears in my console. My main.js file is given below:
const electron = require('electron');
const url = require('url');
const path = require('path');
const {app , BrowserWindow,Menu}=electron;
let mainWindow;
//Listen for app to be ready
app.on('ready',function() {
//create new window
mainWindow=new BrowserWindow({});
//load html into window
mainWindow.loadURL(url.format({
pathname:path.join(__dirname,'mainWindow.html'),
protocol:'file',
slashes:true
}))
//Quit app when closed
mainWindow.on('closed',function(){
app.quit();
})
//build menu from template
const mainMenu=Menu.buildFromTemplate(mainMenuTemplate);
//insert menu
Menu.setApplicationMenu(mainMenu);
});
//handle create add window
function createAddWindow(){
//create new window
addWindow=new BrowserWindow({
width:300,
height:200,
title:'add shopping list item'
});
//load html into window
addWindow.loadURL(url.format({
pathname:path.join(__dirname,'addWndow.html'),
protocol:'file',
slashes:true
}));
//Garbage collection handle
addWindow.on('close',function(){
addWindow=null;
})
}
//Create Menu template
const mainMenuTemplate=[
{
label:'File',
submenu:[
{
label:'Add Item',
click(){
createAddWindow();
}
},
{
label:'Clear Items'
},
{
label:'Quit',
accelerator:process.platform== 'darwin' ? 'command+Q' : 'ctrl+Q',
click(){
app.quit(); }
},
]
}
]
Upvotes: 3
Views: 12365
Answers (1)
Reputation: 840
This is just a deprecation warning, it doesn't affect any of your code. Since you're not setting a value for contextIsolation explicitly, the default one is used, and once it is changed your app will not function the same way any more.
contextIsolation is an option that can be passed in webPreferences for a BrowserWindow, like this:
const win = new BrowserWindow({
width: 800,
height: 600,
webPreferences: {
contextIsolation: true
}
});
The Electron team decided to show this warning because contextIsolation is an option that deeply changes how Electron windows work. By default, Node globals are programatically stripped from the renderer context before executing scripts attached to the HTML page (after executing the preload script), which leaves some vulnerabilities open (such as the ones demonstrated here).
contextIsolation ensures that the two contexts (the preload scripts and the renderer scripts) remain fully isolated, save for APIs explicitly exposed through contextBridge. It's recommended to use contextIsolation unless you're definitively not loading any external content, which is why the default value will be changed. More on Electron security.
Upvotes: 8
Related Questions
- Electron non-context-aware native module in renderer issue
- Electron non-context-aware native module in renderer
- Sending commands to the web app in electron renderer process since contextIsolation changes
- context isolation when loading local content
- Electron dialog undefined in contextBridge
- Electron, contextIsolation and contextBridge
- How to access require, from an HTML file, when contextIsolation is set to true
- JavaScript context translate doesnt work in electron
- Context Menu in Electron
- Which context is the path relative to?