Origin validation error
Description
Disabling webSecurity disables the same-origin policy and allows insecure code from any domain to execute.
Examples
Insecure Code
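```javascript
const { BrowserWindow } = require('electron')
new BrowserWindow({webPreferences: {webSecurity: false}})
```
Secure Code
```javascript
const { BrowserWindow } = require('electron')
new BrowserWindow({webPreferences: {webSecurity: true}})
```
Remediation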
Enable webSecurity in BrowserWindow options to enforce the same-origin policy and prevent insecure code execution.
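One way to enforce this remediation at every call site is to route window creation through a single audited factory. This is an added example, not code from the rule or from Electron: `checkWebPreferences` and `createSecureWindow` are hypothetical helper names, and the constructor is passed in as a parameter so the check can be exercised without Electron installed. It goes slightly beyond the rule by also rejecting `allowRunningInsecureContent: true`, the related Electron preference.

```javascript
// Added example. checkWebPreferences and createSecureWindow are hypothetical
// helper names, not Electron APIs.

// Return the problems found in a BrowserWindow options object.
function checkWebPreferences(options = {}) {
  const prefs = options.webPreferences || {};
  const problems = [];
  // webSecurity defaults to true, so only "unset" or literal true is accepted.
  // Falsy stand-ins such as 0, null or '' are rejected as well.
  if (prefs.webSecurity !== undefined && prefs.webSecurity !== true) {
    problems.push('webSecurity must not be disabled');
  }
  // Electron documents that webSecurity: false also turns this preference on
  // by default, so an explicit true here is rejected for the same reason.
  if (prefs.allowRunningInsecureContent === true) {
    problems.push('allowRunningInsecureContent must not be enabled');
  }
  return problems;
}

// Create a window through one audited path. BrowserWindowCtor is injected;
// in the main process pass require('electron').BrowserWindow.
function createSecureWindow(BrowserWindowCtor, options = {}) {
  const problems = checkWebPreferences(options);
  if (problems.length > 0) {
    throw new Error('Insecure BrowserWindow options: ' + problems.join('; '));
  }
  // Pin the value explicitly instead of relying on the default.
  const hardened = {
    ...options,
    webPreferences: { ...options.webPreferences, webSecurity: true },
  };
  return new BrowserWindowCtor(hardened);
}
```

`checkWebPreferences` can also be called from a unit test or CI step over the option objects an application defines, so a disabled same-origin policy fails the build before it ships.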
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0370 |
| Category | Web |
| Severity | CRITICAL |
| CWE | CWE-346 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | same-origin policy, web security |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |