Content Security Policy (CSP)

Example Electron Content-Security-Policy warning

If you don't set a Content-Security-Policy in your electron app, You might see a message like this in the developer tools console:

Electron Security Warning (Insecure Content-Security-Policy)
This renderer process has either no Content Security Policy set or a policy with "unsafe-eval" enabled. This exposes users of this app to unnecessary security risks.
For more information and help, consult This warning will not show up once the app is packaged.

Adding a Content-Security-Policy to Electron Apps

Probably one of the easier ways to do this is to use the HTML Meta Tag to add a Content Security Policy.

For example:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">