From b77f701aeba49630735b5b04b4835f01f130a616 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Mon, 10 Feb 2020 10:49:09 -0800 Subject: [PATCH] feat: disable the remote module by default (#22091) --- docs/breaking-changes.md | 20 +++++++++++++++++ lib/browser/remote/server.ts | 2 +- lib/renderer/api/remote.js | 8 ------- shell/browser/web_contents_preferences.cc | 2 +- spec-main/api-app-spec.ts | 15 ++++++++----- spec-main/api-browser-window-spec.ts | 26 +++++++++++++++++++---- spec-main/api-remote-spec.ts | 9 +++++--- spec-main/api-web-contents-spec.ts | 4 ++-- 8 files changed, 62 insertions(+), 24 deletions(-) diff --git a/docs/breaking-changes.md b/docs/breaking-changes.md index 73e64ef350..a0a81b52f7 100644 --- a/docs/breaking-changes.md +++ b/docs/breaking-changes.md @@ -6,6 +6,26 @@ Breaking changes will be documented here, and deprecation warnings added to JS c The `FIXME` string is used in code comments to denote things that should be fixed for future releases. See https://github.com/electron/electron/search?q=fixme +## Planned Breaking API Changes (10.0) + +### `enableRemoteModule` defaults to `false` + +In Electron 9, using the remote module without explicitly enabling it via the +`enableRemoteModule` WebPreferences option began emitting a warning. In +Electron 10, the remote module is now disabled by default. To use the remote +module, `enableRemoteModule: true` must be specified in WebPreferences: + +```js +const w = new BrowserWindow({ + webPreferences: { + enableRemoteModule: true + } +}) +``` + +We [recommend moving away from the remote +module](https://medium.com/@nornagon/electrons-remote-module-considered-harmful-70d69500f31). + ## Planned Breaking API Changes (9.0) ### `.getWebContents()` diff --git a/lib/browser/remote/server.ts b/lib/browser/remote/server.ts index ed29c8c836..e6c471ecaf 100644 --- a/lib/browser/remote/server.ts +++ b/lib/browser/remote/server.ts @@ -321,7 +321,7 @@ const unwrapArgs = function (sender: electron.WebContents, frameId: number, cont const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) { const webPreferences = (contents as any).getLastWebPreferences() || {} - return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true + return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : false } const isRemoteModuleEnabledCache = new WeakMap() diff --git a/lib/renderer/api/remote.js b/lib/renderer/api/remote.js index 240b4cfd94..618233e5c0 100644 --- a/lib/renderer/api/remote.js +++ b/lib/renderer/api/remote.js @@ -13,14 +13,6 @@ const remoteObjectCache = v8Util.createIDWeakMap() // An unique ID that can represent current context. const contextId = v8Util.getHiddenValue(global, 'contextId') -ipcRendererInternal.invoke('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES').then(preferences => { - if (!preferences.enableRemoteModule) { - console.warn('%cElectron Deprecation Warning', 'font-weight: bold', "The 'remote' module is deprecated and will be disabled by default in a future version of Electron. To ensure a smooth upgrade and silence this warning, specify {enableRemoteModule: true} in the WebPreferences for this window.") - } -}, (err) => { - console.error('Failed to get web preferences:', err) -}) - // Notify the main process when current context is going to be released. // Note that when the renderer process is destroyed, the message may not be // sent, we also listen to the "render-view-deleted" event in the main process diff --git a/shell/browser/web_contents_preferences.cc b/shell/browser/web_contents_preferences.cc index 7a6efae823..c96c69db58 100644 --- a/shell/browser/web_contents_preferences.cc +++ b/shell/browser/web_contents_preferences.cc @@ -327,7 +327,7 @@ void WebContentsPreferences::AppendCommandLineSwitches( #if BUILDFLAG(ENABLE_REMOTE_MODULE) // Whether to enable the remote module - if (IsEnabled(options::kEnableRemoteModule, true)) + if (IsEnabled(options::kEnableRemoteModule, false)) command_line->AppendSwitch(switches::kEnableRemoteModule); #endif diff --git a/spec-main/api-app-spec.ts b/spec-main/api-app-spec.ts index ea9b07fe20..3ef87d069a 100644 --- a/spec-main/api-app-spec.ts +++ b/spec-main/api-app-spec.ts @@ -457,7 +457,8 @@ describe('app module', () => { w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadURL('about:blank') @@ -474,7 +475,8 @@ describe('app module', () => { w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadURL('about:blank') @@ -491,7 +493,8 @@ describe('app module', () => { w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadURL('about:blank') @@ -508,7 +511,8 @@ describe('app module', () => { w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadURL('about:blank') @@ -524,7 +528,8 @@ describe('app module', () => { w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadURL('about:blank') diff --git a/spec-main/api-browser-window-spec.ts b/spec-main/api-browser-window-spec.ts index 1ef8644277..bf21c4b80a 100644 --- a/spec-main/api-browser-window-spec.ts +++ b/spec-main/api-browser-window-spec.ts @@ -1628,6 +1628,7 @@ describe('BrowserWindow module', () => { show: false, webPreferences: { nodeIntegration: true, + enableRemoteModule: true, preload } }) @@ -1749,7 +1750,7 @@ describe('BrowserWindow module', () => { describe(description, () => { const preload = path.join(__dirname, 'fixtures', 'module', 'preload-remote.js') - it('enables the remote module by default', async () => { + it('disables the remote module by default', async () => { const w = new BrowserWindow({ show: false, webPreferences: { @@ -1760,7 +1761,7 @@ describe('BrowserWindow module', () => { const p = emittedOnce(ipcMain, 'remote') w.loadFile(path.join(fixtures, 'api', 'blank.html')) const [, remote] = await p - expect(remote).to.equal('object') + expect(remote).to.equal('undefined') }) it('disables the remote module when false', async () => { @@ -1777,6 +1778,21 @@ describe('BrowserWindow module', () => { const [, remote] = await p expect(remote).to.equal('undefined') }) + + it('enables the remote module when true', async () => { + const w = new BrowserWindow({ + show: false, + webPreferences: { + preload, + sandbox, + enableRemoteModule: true + } + }) + const p = emittedOnce(ipcMain, 'remote') + w.loadFile(path.join(fixtures, 'api', 'blank.html')) + const [, remote] = await p + expect(remote).to.equal('object') + }) }) } @@ -2093,7 +2109,8 @@ describe('BrowserWindow module', () => { show: false, webPreferences: { preload, - sandbox: true + sandbox: true, + enableRemoteModule: true } }) w.loadFile(path.join(__dirname, 'fixtures', 'api', 'sandbox.html'), { search: 'reload-remote' }) @@ -2125,7 +2142,8 @@ describe('BrowserWindow module', () => { show: false, webPreferences: { preload, - sandbox: true + sandbox: true, + enableRemoteModule: true } }) w.webContents.once('new-window', (event, url, frameName, disposition, options) => { diff --git a/spec-main/api-remote-spec.ts b/spec-main/api-remote-spec.ts index a80b3114b3..87a3bc5594 100644 --- a/spec-main/api-remote-spec.ts +++ b/spec-main/api-remote-spec.ts @@ -194,7 +194,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => { const w = new BrowserWindow({ show: false, webPreferences: { - preload + preload, + enableRemoteModule: true } }) w.loadURL('about:blank') @@ -207,7 +208,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => { const w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) @@ -227,7 +229,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => { const w = new BrowserWindow({ show: false, webPreferences: { - nodeIntegration: true + nodeIntegration: true, + enableRemoteModule: true } }) await w.loadFile(path.join(fixtures, 'api', 'remote-event-handler.html')) diff --git a/spec-main/api-web-contents-spec.ts b/spec-main/api-web-contents-spec.ts index 49ff773f00..b4410266af 100644 --- a/spec-main/api-web-contents-spec.ts +++ b/spec-main/api-web-contents-spec.ts @@ -821,7 +821,7 @@ describe('webContents module', () => { }) it('can persist zoom level across navigation', (done) => { - const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) + const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, enableRemoteModule: true } }) let finalNavigation = false ipcMain.on('set-zoom', (e, host) => { const zoomLevel = hostZoomMap[host] @@ -847,7 +847,7 @@ describe('webContents module', () => { }) it('can propagate zoom level across same session', (done) => { - const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) + const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, enableRemoteModule: true } }) const w2 = new BrowserWindow({ show: false }) w2.webContents.on('did-finish-load', () => { const zoomLevel1 = w.webContents.zoomLevel