Book Image

NW.js Essentials

By : Alessandro Benoit, Roger Weng
Book Image

NW.js Essentials

By: Alessandro Benoit, Roger Weng

Overview of this book

Table of Contents (17 chapters)
NW.js Essentials
About the Author
About the Reviewers

Shedding some light on security issues

When developing a desktop application, most of the assets usually come from trusted sources, so in NW.js, many of the security precautions implemented by Chromium have been disabled. However, we must distinguish between Node frames and Normal frames. The first kind of frames are the ones we have dealt with in previous chapters, while the latter kind are normal browser frames, which act much like Chrome frames.

With regard to security issues, Node frames are allowed to:

  • Access require, global, process, Buffer, and root from Node.js

  • Access other frames by skipping the cross-domain security checks

  • Ignore the X-Frame-Options headers for child frames

By default, the following resources will be handled with Node frames:

  • Local resources

  • App protocol resources, for example, app://myApp/index.html (for more information on this, refer to Chapter 6, Packaging Your Application for Distribution)

  • Remote resources specified in the node-remote option in your manifest file...