When developing a desktop application, most of the assets usually come from trusted sources, so in NW.js, many of the security precautions implemented by Chromium have been disabled. However, we must distinguish between Node frames and Normal frames. The first kind of frames are the ones we have dealt with in previous chapters, while the latter kind are normal browser frames, which act much like Chrome frames.
With regard to security issues, Node frames are allowed to:
Access other frames by skipping the cross-domain security checks
X-Frame-Optionsheaders for child frames
By default, the following resources will be handled with Node frames:
App protocol resources, for example,
app://myApp/index.html(for more information on this, refer to Chapter 6, Packaging Your Application for Distribution)
Remote resources specified in the
node-remoteoption in your manifest file...