do not open port in production

alidcastano
commented a year ago

Stumbled upon this article on how the Zeit team integrated Next with Electron:
https://leo.im/2017/electron-next

One consideration they mention is not to open a port in production due to security vulnerabilities:

> The reason why electron-next doesn't have the same behaviour in the final app as in development is that opening a port (like Next.js does it for providing hot reloading and auto-building of your code) is generally not a good idea because it introduces a security vulnerability on the user's device.
>
> It's therefore safe for development, but not for production.
>
> What's much safer, however, is letting the BrowserWindow instances directly access the static files of your renderer. This is made possible by next export, a new sub command that we've introduced with Next.js 3

I'm guessing next export is equivalent to running nuxt in --spa mode. So perhaps similar considerations can be applied to this template.

cc @Atinux

0
Atinux
commented a year ago

Hi @alidcastano

Actually next export is the equivalent of nuxt generate, but I believe server-side rendering is pretty useless in an Electron app, and by forcing the mode: spa, it will allow us to avoid opening a port in production by serving the dist/ folder :)

1
yuchonghua
commented 8 months ago

[Use registerStreamProtocol and nuxt.render](https://github.com/nuxt-community/electron-template/issues/19)

```sh
git clone https://github.com/ddvjs/electron-test.git
cd electron-test
npm i
npm run dev
```

0
HadiChen
commented 8 months ago

I do not want to use nuxt generate because it is very troublesome; I hope to use registerStreamProtocol and nuxt.render.

0
yuchonghua
commented 8 months ago

[image]
Can you simulate it like this?

0
yuchonghua
commented 8 months ago

I want to use nuxt.render to render registerStreamProtocol
/ping @Atinux

0
yuchonghua
commented 8 months ago

Is there a solution to this approach?

0
HoraceKeung
commented 7 months ago

Submitted a PR to serve /dist/electron for production, hence no need to open a port. https://github.com/nuxt-community/electron-template/pull/20
I know it is not using registerStreamProtocol; I don't have enough knowledge to figure it out, but this should be better than opening a port in production.

0
HoraceKeung
commented 7 months ago

I closed the pull request as I found out the paths to the images do not work in production, either in /assets/img or /static/img.

0
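
One way to serve the generated dist/ folder through a custom protocol instead of a localhost port, as an added example that is not from the thread, the linked article, or the template. The `app` scheme, the `bundle` host and both function names are assumptions; the resolver confines every request to dist/ so the handler cannot be used to read files outside it.

```javascript
// Added example; not code from the thread, the article, or the template.
const path = require('node:path');
const fs = require('node:fs');

const SCHEME = 'app'; // assumed scheme name; the window loads app://bundle/index.html
const MIME = {
  '.html': 'text/html', '.js': 'text/javascript', '.css': 'text/css',
  '.json': 'application/json', '.png': 'image/png', '.svg': 'image/svg+xml',
};

// Map an app:// URL to a file under distDir. Returns null for any other
// scheme, for malformed escapes, and for paths that resolve outside distDir.
function resolveAsset(distDir, requestUrl) {
  let rel;
  try {
    const url = new URL(requestUrl);
    if (url.protocol !== `${SCHEME}:`) return null;
    rel = decodeURIComponent(url.pathname); // throws on bad %-escapes
  } catch {
    return null;
  }
  if (rel.includes('\0')) return null;
  if (rel === '' || rel.endsWith('/')) rel += 'index.html';
  const root = path.resolve(distDir);
  const file = path.resolve(root, './' + rel);
  // Containment check after decoding, so "..%2f" cannot climb out of dist/.
  return file.startsWith(root + path.sep) ? file : null;
}

// `protocol` is Electron's protocol module, passed in by the caller after
// app.whenReady(). registerStreamProtocol is the API named in the thread;
// newer Electron releases deprecate it in favour of protocol.handle.
function registerAppProtocol(protocol, distDir) {
  protocol.registerStreamProtocol(SCHEME, (request, callback) => {
    const file = resolveAsset(distDir, request.url);
    if (!file || !fs.existsSync(file) || !fs.statSync(file).isFile()) {
      return callback({ error: -6 }); // Chromium net::ERR_FILE_NOT_FOUND
    }
    callback({
      statusCode: 200,
      headers: { 'content-type': MIME[path.extname(file)] || 'application/octet-stream' },
      data: fs.createReadStream(file),
    });
  });
}
```

For root-relative URLs such as /static/img/... to resolve against app://bundle/, the scheme also has to be registered as standard with `protocol.registerSchemesAsPrivileged` before the app is ready.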
Informations
Question • Resolved
#c4 - Created a year ago