Electron Security Warning (Insecure Content-Security-Policy)

created at 03-26-2022

problem

I got this warning in my new Electron app:

Electron Security Warning (Insecure Content-Security-Policy) This renderer process has either no Content Security
  Policy set or a policy with "unsafe-eval" enabled. This exposes users of
  this app to unnecessary security risks.

For more information and help, consult
https://electronjs.org/docs/tutorial/security.
This warning will not show up
once the app is packaged.
warnAboutInsecureCSP @ node:electron/js2c/renderer_init:89
logSecurityWarnings @ node:electron/js2c/renderer_init:89
(anonymous) @ node:electron/js2c/renderer_init:89
load (async)
securityWarnings @ node:electron/js2c/renderer_init:89
(anonymous) @ node:electron/js2c/renderer_init:69
./lib/renderer/common-init.ts @ node:electron/js2c/renderer_init:69
__webpack_require__ @ node:electron/js2c/renderer_init:1
(anonymous) @ node:electron/js2c/renderer_init:73
./lib/renderer/init.ts @ node:electron/js2c/renderer_init:73
__webpack_require__ @ node:electron/js2c/renderer_init:1
(anonymous) @ node:electron/js2c/renderer_init:1
___electron_webpack_init__ @ node:electron/js2c/renderer_init:1
(anonymous) @ node:electron/js2c/renderer_init:141
compileForInternalLoader @ node:internal/bootstrap/loaders:312
compileForPublicLoader @ node:internal/bootstrap/loaders:252
loadNativeModule @ node:internal/modules/cjs/helpers:49
Module._load @ node:internal/modules/cjs/loader:811
c._load @ node:electron/js2c/asar_bundle:5
executeUserEntryPoint @ node:internal/modules/run_main:81
(anonymous) @ node:internal/main/run_main_module:17

solution

To remove this warning, just add

<meta http-equiv="Content-Security-Policy" content="script-src 'self';">

into your index.html, like:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta http-equiv="Content-Security-Policy" content="script-src 'self';">
    <script src="index.js"></script>
  </head>
  <body></body>
</html>
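
The following is an added example, not code from the original post or from Electron: a small Node.js lint that reads the CSP meta tag from an index.html and reports the two conditions the warning names, a missing policy or "unsafe-eval" in the effective script policy. The function names and sample pages are constructed for illustration, and the check goes slightly beyond the warning by also flagging 'unsafe-inline' and a policy that never restricts scripts.

```javascript
// Return the policy from <meta http-equiv="Content-Security-Policy" content="...">,
// or null if the page has none. Regex lint for your own file, not an HTML parser.
function extractMetaCsp(html) {
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    if (!/http-equiv\s*=\s*["']?content-security-policy\b/i.test(tag)) continue;
    const m = tag.match(/\scontent\s*=\s*(?:"([^"]*)"|'([^']*)')/i);
    if (m) return m[1] !== undefined ? m[1] : m[2];
  }
  return null;
}

// Split a policy into directive -> source list. A repeated directive is ignored,
// as the CSP specification requires.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Findings for script execution; an empty array means nothing was flagged.
function auditScriptPolicy(policy) {
  if (policy === null || policy.trim() === '') return ['no-csp'];
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const sources = directives.get('script-src') || directives.get('default-src');
  if (!sources) return ['scripts-unrestricted'];
  const lower = sources.map((s) => s.toLowerCase());
  return ["'unsafe-eval'", "'unsafe-inline'"]
    .filter((kw) => lower.includes(kw))
    .map((kw) => kw.slice(1, -1));
}

const auditHtml = (html) => auditScriptPolicy(extractMetaCsp(html));

// Constructed sample pages: the fixed index.html from this post and two bad variants.
const FIXED = `<head><meta charset="utf-8" />
<meta http-equiv="Content-Security-Policy" content="script-src 'self';"></head>`;
const NO_CSP = '<head><meta charset="utf-8" /></head>';
const WITH_EVAL = `<head><meta http-equiv="Content-Security-Policy"
  content="default-src 'self'; script-src 'self' 'unsafe-eval'"></head>`;

for (const [label, html] of Object.entries({ FIXED, NO_CSP, WITH_EVAL })) {
  console.log(label, auditHtml(html));
}
```

With script-src 'self' in place, inline script blocks and eval() are blocked, so page scripts have to stay in files such as index.js.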
