-
Notifications
You must be signed in to change notification settings - Fork 703
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Disable nodeIntegration #1967
Comments
Note: the attacker has access to |
Why is this not happening on https://open.rocket.chat? |
@robbyoconnor This issue is about security consequences of RocketChat/Rocket.Chat#20543 in Electron app. For the browser, this issue is inconvenient but has not such security implications. |
I understand. I'm trying to understand why it doesn't happen on RC's server. |
Disable
nodeIntegration
- seeRocket.Chat.Electron/src/ui/main/rootWindow.ts
Line 31 in 3b2d0aa
Update: I see the main window has
nodeIntegration
disabled, so it's seems OKRocket.Chat.Electron/src/ui/main/serverView/index.ts
Line 148 in 3b2d0aa
The text was updated successfully, but these errors were encountered: