-
Notifications
You must be signed in to change notification settings - Fork 68
INSECURE_CONTENT_JS_CHECK
When using HTTP as the transport, security is provided by Transport Layer Security (TLS). TLS, and its predecessor SSL, are widely used on the Internet to authenticate a service to a client, and then to provide confidentiality to the channel.
Mixed content occurs when the initial HTML page is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.
HTTP, Mixed Content and opting out of TLS validation should not be used, as it makes possible to eavesdrop on and tamper with the traffic between the user and the application.
If nodeIntegration is also enabled, an attacker can inject malicious JavaScript and compromise the user’s host.
Search for allowRunningInsecureContent set to true/1 within the
webPreferences of BrowserWindow:
mainWindow = new BrowserWindow({
"webPreferences": {
"allowRunningInsecureContent": true
}
});