From 9ce27e5318b702eec5553e51658cfff13f50ba03 Mon Sep 17 00:00:00 2001
From: Teaveloper <49181620+LeUser111@users.noreply.github.com>
Date: Mon, 27 Oct 2025 21:56:53 +0100
Subject: [PATCH] docs: security.md use runnable examples for permissions and
 csp (#43248)

* docs: security.md use runnable examples for permissions and csp

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>

* Removed semi-colon for uniform js code style in examples

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>

* docs: security.md, session.md - added clarification on defaultSession, added csp example

* docs: security.md/session.md incorporated review feedback

* docs: security.md/session.md incorporated more review feedback

* docs: security.md/session.md incorporated more review feedback

* docs: tutorial/security.md - fixed linting issue

* chore: empty commit for CI

---------

Signed-off-by: LeUser111 <florian.wiedenmann@grob.de>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
---
 docs/api/session.md       | 2 +-
 docs/tutorial/security.md | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/api/session.md b/docs/api/session.md
index 96f0ab6e9a..2e6e61b718 100644
--- a/docs/api/session.md
+++ b/docs/api/session.md
@@ -66,7 +66,7 @@ The `session` module has the following properties:
 
 ### `session.defaultSession`
 
-A `Session` object, the default session object of the app.
+A `Session` object, the default session object of the app, available after `app.whenReady` is called.
 
 ## Class: Session
 
diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md
index 3bbbd139da..81b4ce3c9e 100644
--- a/docs/tutorial/security.md
+++ b/docs/tutorial/security.md
@@ -299,7 +299,7 @@ const { session } = require('electron')
 const { URL } = require('node:url')
 
 session
-  .fromPartition('some-partition')
+  .defaultSession
   .setPermissionRequestHandler((webContents, permission, callback) => {
     const parsedUrl = new URL(webContents.getURL())
 
@@ -316,6 +316,8 @@ session
   })
 ```
 
+Note: `session.defaultSession` is only available after `app.whenReady` is called.
+
 ### 6. Do not disable `webSecurity`
 
 :::info
@@ -406,6 +408,8 @@ session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
 })
 ```
 
+Note: `session.defaultSession` is only available after `app.whenReady` is called.
+
 #### CSP meta tag
 
 CSP's preferred delivery mechanism is an HTTP header. However, it is not possible