If you don't set a Content-Security-Policy in your electron app, You might see a message like this in the developer tools console:
Electron Security Warning (Insecure Content-Security-Policy)
This renderer process has either no Content Security Policy set or a policy with "unsafe-eval" enabled. This exposes users of this app to unnecessary security risks.
For more information and help, consult https://electronjs.org/docs/tutorial/security. This warning will not show up once the app is packaged.
Probably one of the easier ways to do this is to use the HTML Meta Tag to add a Content Security Policy.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">