by 
Electron Security Warning (Insecure Content-Security-Policy) This renderer process has either no Content Security Policy set or a policy with "unsafe-eval" enabled. This exposes users of this app to unnecessary security risks.
For more information and help, consult https://electronjs.org/docs/tutorial/security.
This warning will not show up once the app is packaged.
Решение: Добавить в хедеры
|
1 |
<meta http-equiv="Content-Security-Policy" content="script-src 'self'"> |
Если присутствую инлайн скрипты и 
ругается на
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-w7PFxwNT5YRCq/TbK4hTeghGFRq6Vi33EchhMUrcs8o='), or a nonce ('nonce-...') is required to enable inline execution.
Копируем хеш из ошибки и добавляем в исключения
|
1 |
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'sha256-w7PFxwNT5YRCq/TbK4hTeghGFRq6Vi33EchhMUrcs8o=' "> |
или добавить
|
1 |
'unsafe-inline' |
