What exactly does disablewebsecurity do?


#1

I’m interested in understanding exactly what the attribute disablewebsecurity does when used with a <webview disablewebsecurity>.

I have an Electron app that is a wrapper around a web app, and we’re using <webview> elements to iframe pages.

However, I want to completely understand what I’m exposing my application to wrt using the disablewebsecurity flag.

I know that this allows CORS requests and ignores the X-FRAME-OPTIONS header, but what else does it do? I’m particularly curious about its access to cookie namespaces.

Also, is this attribute the same as opening Chrome/Chromium with the command line flag --disable-web-security?

Any insight is appreciated (I couldn’t find it documented anywhere).

Thanks!