Context Aware Native Module, Electron Context Isolation and Node Integration Support #148

Open
danielduan opened this issue Oct 11, 2023 · 0 comments

danielduan commented Oct 11, 2023

@pokusew I saw that you're making some changes in both the pcsclite module and here so I hope this helps.

Since Electron 14, there's been enhanced security around how native modules in node can interact with Electron renderer and main processes. Basically, to reduce the risk of external content loaded remotely from directly interacting with native and operating system level programs, the renderer process cannot access native modules and hardware by default, including the pcsclite module.

There's also been a change introduced to node that requires native modules to be context aware. Looks like the change was introduced here pokusew/node-pcsclite@3cbfdc3 but not published yet.

The native module pcsclite needs to be used inside the main process, and communicate with the renderer via the new IPC channels. But because IPC cannot reasonably stringify all bytecodes and errors, it makes it hard for us to work with nfc-pcsc or pcsclite.

The workaround and hack is to disable these new security mechanisms.

In the main.ts file, when the BrowserWindow object is created, we must enable nodeIntegration and disable contextIsolation so that native modules like pcsclite can be used in the same JS context.

```ts
mainWindow = new BrowserWindow({
  webPreferences: {
    webSecurity: false,
    nodeIntegration: true,
    contextIsolation: false,
  },
});
```

In addition, most new Electron boilerplates and example projects require two different package.json files, one for the native modules specifically, and the other for everything else because the native modules need to be compiled and rebuilt separately per platform (Windows, Mac, Linux).

In the case of Electron React Boilerplate that I'm using, I've only gotten it to work in this very specific way.

  • [email protected] is installed at the root package.json, [email protected] (not @pokusew/pcsclite because the context-aware change has not been published) is installed at the release/app/package.json for platform-specific node binding compilation.
  • use nfc-pcsc in the renderer process normally.
  • disable check-native-dep.js because it will flag the native dependency @pokusew/pcsclite of nfc-pcsc and warn that it won't be included in the build
  • import the pcsclite module in main.ts so the binding and node files are included in the build. Most updated boilerplates only include .node binding files when imported into the main process for security purposes.

It also seems like the original package your @pokusew/pcsclite was forked from has also been updated with some of your changes. I wonder if it makes sense to combine the two because it seems like the compiled native modules are more or less interchangeable. https://github.com/santigimeno/node-pcsclite

@danielduan danielduan changed the title Native Module + Electron Context Isolation Support Context Aware Native Module, Electron Context Isolation and Node Integration Support Oct 11, 2023
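
Added example, not part of the issue and not code from nfc-pcsc or pcsclite: a sketch of the arrangement the issue describes as the intended one, with the reader kept in the main process and the renderer left with `contextIsolation: true` and `nodeIntegration: false`, exchanging APDU bytes as hex strings and errors as plain fields over IPC. The channel name `nfc:transmit`, the `window.nfc` API, the length cap and the `reader.transmit(buffer, maxLen)` promise shape are assumptions; `ipcMain`, `contextBridge` and `ipcRenderer` are passed in so the file has no imports.

```javascript
// Added example. Assumed names: 'nfc:transmit', window.nfc, MAX_APDU, and a
// `reader` object exposing transmit(buffer, maxLen) -> Promise<Buffer>.
const MAX_APDU = 261; // assumed cap: 4-byte header + Lc + 255 data bytes + Le

// Main process: validate untrusted renderer input before it reaches native code.
function parseApduHex(hex) {
  if (typeof hex !== 'string' || !/^(?:[0-9a-fA-F]{2}){4,}$/.test(hex)) {
    throw new TypeError('APDU must be an even-length hex string of at least 4 bytes');
  }
  if (hex.length / 2 > MAX_APDU) throw new RangeError('APDU too long');
  return Buffer.from(hex, 'hex');
}

// Errors cross IPC as plain fields only; no stack trace or native handle leaves main.
function errorToWire(err) {
  return { name: String(err.name), message: String(err.message), code: err.code ?? null };
}

// Call from main.ts with Electron's ipcMain and the reader object.
function registerTransmit(ipcMain, reader) {
  ipcMain.handle('nfc:transmit', async (_event, req) => {
    try {
      const apdu = parseApduHex(req && req.hex);
      const res = await reader.transmit(apdu, 258); // 256 data bytes + 2 status bytes
      return { ok: true, hex: Buffer.from(res).toString('hex') };
    } catch (err) {
      return { ok: false, error: errorToWire(err) };
    }
  });
}

// Call from the preload script with Electron's contextBridge and ipcRenderer.
// The renderer receives one function, not ipcRenderer itself and not Node.
function exposeNfcApi(contextBridge, ipcRenderer) {
  contextBridge.exposeInMainWorld('nfc', {
    transmit: async (hex) => {
      const reply = await ipcRenderer.invoke('nfc:transmit', { hex });
      if (!reply.ok) {
        throw Object.assign(new Error(reply.error.message), {
          name: reply.error.name, code: reply.error.code,
        });
      }
      return reply.hex;
    },
  });
}
```

In the renderer this is used as `await window.nfc.transmit('00a40400')`; the native module is only ever loaded by the main process.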