When developing a desktop application, most of the assets usually come from trusted sources, so in NW.js, many of the security precautions implemented by Chromium have been disabled. However, we must distinguish between Node frames and Normal frames. The first kind of frames are the ones we have dealt with in previous chapters, while the latter kind are normal browser frames, which act much like Chrome frames.
With regard to security issues, Node frames are allowed to:
Access
require
,global
,process
,Buffer
, androot
from Node.jsAccess other frames by skipping the cross-domain security checks
Ignore the
X-Frame-Options
headers for child frames
By default, the following resources will be handled with Node frames:
Local resources
App protocol resources, for example,
app://myApp/index.html
(for more information on this, refer to Chapter 6, Packaging Your Application for Distribution)Remote resources specified in the
node-remote
option in your manifest file...