I'm creating an internal application in electron. For security reasons I want to make sure that accidentally information is not getting uploaded to some other web urls.
Is there any way to do this in electron apps ?
From the Electron documentation:
https://electronjs.org/docs/tutorial/security#12-disable-or-limit-navigation
const URL = require('url').URL
app.on('web-contents-created', (event, contents) => {
contents.on('will-navigate', (event, navigationUrl) => {
const parsedUrl = new URL(navigationUrl)
if (parsedUrl.origin !== 'https://my-own-server.com') {
event.preventDefault()
}
})
})
There are multiple recommendations on the same page besides just limiting navigation:
https://electronjs.org/docs/tutorial/security
You can also work through this great resource: https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
Some interesting techniques include using setPermissionRequestHandler on the session to set a callback preventing opening external links.