Skip to content

Commit 5c20cf6

Browse files
committed
docs(webpack): write out both Node.js-access preload options
The "You have two options" line only presented one clearly-headed option; the preload-only entry point was buried in a paragraph under the first option's heading. Split into two numbered subsections: (1) nodeIntegration on the window entry point, and (2) a preload-only entry point. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01J8emyk2ZfnUyZyQpfRBmYc
1 parent 09441ba commit 5c20cf6

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

config/plugins/webpack.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -198,9 +198,9 @@ Since [Electron 20](https://www.electronjs.org/blog/electron-20-0#renderers-sand
198198

199199
A sandboxed preload script runs in a restricted environment: it does **not** have access to Node.js APIs such as `require`, `process`, or Node core modules. It can still use the [polyfilled subset of Node](https://www.electronjs.org/docs/latest/tutorial/sandbox#preload-scripts) that Electron exposes to sandboxed preloads (for example `electron`, and a limited version of `process`), which is enough to set up a [`contextBridge`](https://www.electronjs.org/docs/latest/api/context-bridge). This is the recommended, secure default for most apps.
200200

201-
If your preload script worked in Forge 6 by calling `require` or otherwise depending on full Node.js access, it will fail under the sandboxed default. You have two options:
201+
If your preload script worked in Forge 6 by calling `require` or otherwise depending on full Node.js access, it will fail under the sandboxed default. You have two options for giving a preload full Node.js access.
202202

203-
#### Give the preload full Node.js access
203+
#### Option 1: Enable `nodeIntegration` on the window entry point
204204

205205
The preload's webpack target is derived from the `nodeIntegration` value of the entry point it belongs to. When `nodeIntegration` is `true` (set either on the entry point or on `renderer.nodeIntegration`), the preload is compiled with the `electronPreload` target instead, which grants full Node.js access.
206206

@@ -222,6 +222,8 @@ The preload's webpack target is derived from the `nodeIntegration` value of the
222222
Enabling `nodeIntegration` disables the sandbox for that window's renderer as well, which reduces the security of your application. Prefer keeping the sandbox enabled and exposing only what you need through the `contextBridge`.
223223
{% endhint %}
224224

225+
#### Option 2: Use a preload-only entry point
226+
225227
If you only need full Node.js access in the preload but want to keep it as a standalone entry (for example to attach it to a `<webview>`), you can declare a **preload-only entry point**. It takes a `name` and a `preload` object, and its `nodeIntegration` value controls the preload's webpack target independently of any window:
226228

227229
{% code title="Plugin configuration" %}

0 commit comments

Comments
 (0)