Skip to content

docs(app-vite): audit security guidance#18373

Open
hawkeye64 wants to merge 1 commit into
quasarframework:devfrom
hawkeye64:audit/security-sensitive-examples
Open

docs(app-vite): audit security guidance#18373
hawkeye64 wants to merge 1 commit into
quasarframework:devfrom
hawkeye64:audit/security-sensitive-examples

Conversation

@hawkeye64

Copy link
Copy Markdown
Member

What changed

  • replace Electron sandbox-disabling CLI examples with a benign forwarded switch
  • modernize Electron hardening guidance and target frameless-window IPC actions to the sending renderer
  • document trust requirements for Capacitor and Electron live updates
  • add signing-key, analytics/privacy, token-storage, dotenv-secret, authenticated PWA caching, and SSG cookie guidance
  • warn about public dev-server, tunnel, proxy, CORS, and quasar serve exposure
  • add BEX bridge input-validation guidance and correct the content-script payload example
  • preserve the generated BEX template and canonical all-sites example while adding a separate least-privilege manifest example

Why

Several security-sensitive examples were incomplete or encouraged unsafe defaults. Most notably, the Electron forwarding example disabled Chromium sandbox protections, the security page omitted current Electron recommendations, the frameless IPC example controlled whichever window happened to be focused, and live-update guidance treated transport and checksums as sufficient without discussing authenticity.

Other cross-mode pages did not clearly distinguish configuration conveniences from security boundaries: public tunnels can expose proxy routes, client environment variables are readable in built applications, extension bridge messages require validation, and signing/update credentials need release-system protections.

Impact

This PR changes guidance and examples without changing generated BEX permissions or application runtime behavior. Existing BEX starter manifests retain their all-sites behavior; users are additionally shown how to narrow permissions when their extension supports known origins.

Validation

  • exercised updated quasar dev --help output
  • checked the audited trees for sandbox-disabling switches and remaining unintended broad-access examples
  • parsed the BEX manifest templates as JSON
  • focused oxfmt --check and oxlint --deny-warnings
  • git diff --check
  • repository pre-commit formatting and lint checks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant