Why do I see an "Electron Security Warning" after updating my Electron project to the latest version?

seeing rings of light when eyes are closed
seeing ring of light in eye
flashes of light in peripheral vision
why am i seeing flashes of light in the corner of my eye?
what does it mean when you see flashing lights in your eyes?
why do i see halos around lights at night
kaleidoscope vision
flashing lights in eyes at night

I've created Electron-Vuejs-Vuetify project from this Vuetify's boilerplate

I'm seeing this warning in the console:

Electron Security Warning 
This renderer process has Node.js integration enabled and 
attempted to load remote content. This exposes users of this app to severe security risks.

For more information and help, consult https://electronjs.org/docs/tutorial/security
Question:

What can possible cause that - Node, Vue.js, webpack's localhost config? What should I do?

You're having this:

Electron Security Warning This renderer process has Node.js integration enabled and attempted to load remote content. This exposes users of this app to severe security risks.

Because from the 2nd Security Recommendations from Electron Documentation

2) Disable Node.js Integration for Remote Content

It is paramount that you disable Node.js integration in any renderer (BrowserWindow, BrowserView, or WebView) that loads remote content. The goal is to limit the powers you grant to remote content, thus making it dramatically more difficult for an attacker to harm your users should they gain the ability to execute JavaScript on your website.

After this, you can grant additional permissions for specific hosts. For example, if you are opening a BrowserWindow pointed at "https://my-website.com/", you can give that website exactly the abilities it needs, but no more.

Why?

A cross-site-scripting (XSS) attack is more dangerous if an attacker can jump out of the renderer process and execute code on the user's computer. Cross-site-scripting attacks are fairly common - and while an issue, their power is usually limited to messing with the website that they are executed on. Disabling Node.js integration helps prevent an XSS from being escalated into a so-called "Remote Code Execution" (RCE) attack. How?

// Bad
const mainWindow = new BrowserWindow()
mainWindow.loadURL('https://my-website.com')

// Good
const mainWindow = new BrowserWindow({
  webPreferences: {
    nodeIntegration: false,
    preload: './preload.js'
  }
})

mainWindow.loadURL('https://my-website.com')

<!-- Bad -->
<webview nodeIntegration src="page.html"></webview>

<!-- Good -->
<webview src="page.html"></webview>

When disabling Node.js integration, you can still expose APIs to your website that do consume Node.js modules or features. Preload scripts continue to have access to require and other Node.js features, allowing developers to expose a custom API to remotely loaded content.

In the following example preload script, the later loaded website will have access to a window.readConfig() method, but no Node.js features.

const { readFileSync } = require('fs')

window.readConfig = function () {
  const data = readFileSync('./config.json')
  return data
}

Therefore you're been warned so that you can Disable Node.js Integration for Remote Content.

I hope this helps answer your question.

Why You Sometimes See Stars and Flashes of Light, Do you see stars or flashes of light on occasion? It is not an uncommon complaint​, and most of the time you have nothing to worry about. Why You Sometimes See Stars and Flashes of Light Phosphenes. The stars and flashes you sometimes see are called "phosphenes," a visual occurrence Valsalva Maneuver. A valsalva maneuver is an act of forcibly exhaling while keeping Postural or Orthostatic Hypotension. Orthostatic hypotension

Add the following line to main.js:

process.env['ELECTRON_DISABLE_SECURITY_WARNINGS'] = 'true';

However you should read Security, Native Capabilities, and Your Responsibility to fully understand the implications of doing so.

Why Am I Seeing Stars in My Vision?, What does it mean when you see sparkles in your vision? 8 Reasons to See a Neurologist A neurologist is an expert in diagnosing and treating problems of your brain, spinal cord and nerves, including these 8 neurological symptoms and disorders. July 17, 2017

The Electron security checklist mentions how to deal with the security warning. In particular, when serving index.html from file: protocol (where you can't use HTTP CSP headers), it is possible to use the meta tag for the same purpose, as documented in the security checklist here: CSP HTTP header.

It recommends to use

<meta http-equiv="Content-Security-Policy" content="default-src 'none'" />

…but I have found (got help on GitHub here) this one to be more practical as it allows one to use script src:

<meta http-equiv="Content-Security-Policy" content="script-src 'self';" />

More on CSP on content-security-policy.com.

Myodesopsia: Why Do You See Strange, Floating Objects Every , and flashing lights may indicate a problem with the eye's retina. Flashes of light are pinpricks or spots of light that you see in your field of vision. People often say seeing flashes of light is like seeing "shooting stars" or "lightning streaks." Flashes of light in your vision come from inside your eye. They are not caused by lights or anything else outside of your body.

The newer version of the electron Vue template has these warnings that were previously disabled in the beta using:

process.env['ELECTRON_DISABLE_SECURITY_WARNINGS'] = 'true';

Which now requires you to do the following inside your index.js:

process.env.ELECTRON_DISABLE_SECURITY_WARNINGS = '1';

Why Do I See Flashes of Light in my Eye | Chicago, , a strong blow to the head, or low blood pressure, such as after standing up too quickly. Why should my endodontist be a member of AAE? The American Association of Endodontists is the professional membership association for endodontists, endodontic residents, educators and other dental professionals who have an interest in the specialty.

From Electron 2.0 on, developers will see warnings and recommendations printed to the developer console. They only show up when the binary's name is Electron, indicating that a developer is currently looking at the console.

I would suggest you to follow Electron official Security Recommendations checklist to avoid these warnings https://github.com/electron/electron/blob/master/docs/tutorial/security.md

Flashes of Light - American Academy of Ophthalmology, How do I get rid of floaters in my vision? They do not deceive you; you are aware that they are not real. They occur in combination with normal perception. For example, you may see a sidewalk clearly but find it covered with dots, flowers, or faces. They are exclusively visual and do not appear in combination with any sounds or bizarre sensations.

Halos Around Lights: Causes, Treatments, and Prevention, Why Do I See Flashes of Light in the Corner of my Eye? LASIK & Cataract Surgeons serving Gurnee, River Forest & Chicago. Share:. Why Some People See Ghosts and Other Apparitions There are potential explanations (even if some people won't believe them). Posted Jul 09, 2015

Eye floaters: What causes them, and what can you do?, Migraine aura can appear even if you do not get any headache. Light rays that you may see around lamps, headlights or streetlights may be a  Also, there are complex hallucinations, such as seeing numbers and letters, or even animals, people, and imaginary creatures. There are also changes in perception that go far beyond these kind of aura eye symptoms – such as the perception that things are closer or father away than they appear.

​Why do I see afterimages?, It's best to see a doctor for an eye exam if you experience sudden changes to your vision. it's also a good Why Do I See Halos Around Lights? Visual snow, also known as visual static, is a condition in which people see white or black dots in parts or the whole of their visual fields. The condition is typically always present and can last years. The cause of visual snow is unclear. Those affected typically also have migraines.

Comments
  • Don't really get your question, are you asking why you're seeing that warning? or what exactly are you asking?
  • @antzshrek well, it cannot be a good thing to have a warning in your app. It means something is doing something it shouldn't do, so I'm trying to understand what broke and how to fix it
  • Yea, something was wrong.
  • I used github.com/SimulatedGREG/electron-vue boilerplate and I have the same issue. Thank you for a good question!
  • Thank you for the explanation. But unfortunately that doesn't help. I added nodeIntegration: false, to the webPreferences of the mainWindow, but now I see 2 Uncaught ReferenceError: module is not defined, which are pointing to the <link> tag in the "index.js" file and the "renderer.js" file (webpack's file that loads modules I suppose)
  • When I hover over the renderer.js error I can see it's pointing to http://localhost:9080/renderer.js perhaps webpack is doing something in the dev mode that electron doesn't like. mainWindow loads this as the url: const winURL = process.env.NODE_ENV === 'development' ? http://localhost:9080 : file://${__dirname}/index.html So maybe Electron doesn't like a localhost address thinking that it loads some external website?
  • It shows me Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR. I tried creating a new project from the boilerplate and now I'm seeing this error right away without even doing anything myself. I guess there's a problem with the boilerplate
  • @JimmyBreck-McKye everyone is seeing this warning after the last electron-vue boilerplate update
  • @Un1 Yeah, I gave up with that boilerplate some time yesterday afternoon. I'm actually writing my own as we speak that tries to resolve these issues. From what I can tell the problem is that if electron is running from webpack-dev-server, the window.location.protocol not being 'file' makes Electron throw the error.
  • Yeah, I added that, but it's not the main concern. I was trying to figure out why does Chrome displays those scary warnings in a newly created Electron project. There's 2 issues on Github regarding this issue, and still no info on how to fix those "security problems"