I'm interested in understanding exactly what the attribute disablewebsecurity
does when used with a webview element like this: <webview src=www.somesite.com disablewebsecurity>
I have an electron app that is a wrapper around a web app, and were using <webview>
elements to iframe pages.
However, I want to completely understand what I'm exposing my application to wrt using the disablewebsecurity
flag.
I know that this allows CORS requests and ignores the X-FRAME-OPTIONS header, but what else does it do? Im particularly curious about its access to cookie namespaces.
Also, is this attribute the same as opening Chrome/Chromium with the command line flag --disable-web-security
?
Any insight is appreciated (I couldn't find it documented anywhere).
Thanks!
--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.