基于 Electron 的应用程序会通过系统范围的 nodejs 环境变量吗?
[英]Will an Electron based app pass system wide nodejs environment variables?
问题描述
Am I wrong to assume that an Electron based application will pass NodeJS environment variables?
我是否错误地假设基于 Electron 的应用程序将传递 NodeJS 环境变量?
The app we are dealing with is built upon Electron 3.1.x.我们正在处理的应用程序基于 Electron 3.1.x 构建。 The list of environment variables for electron 3.1.x seem to work. electron 3.1.x的环境变量列表似乎有效。 However, if I try to use any of the environment variables listed in NodeJS (notably NODE_EXTRA_CA_CERTS or NODE_TLS_REJECT_UNAUTHORIZED ) they don't seem to work.但是,如果我尝试使用 NodeJS 中列出的任何环境变量(特别是NODE_EXTRA_CA_CERTS或NODE_TLS_REJECT_UNAUTHORIZED ),它们似乎都不起作用。 I was under the impression that since Electron is simply a nodejs application, that it would respect the same environment variables.我的印象是,由于 Electron 只是一个 nodejs 应用程序,它会尊重相同的环境变量。
1 个解决方案
解决方案1
2 已采纳 2019-10-29 23:38:14
Yes and no.是和不是。 Env vars are of course available to app code ( process.env ), and electron itself supports some ( but not all ) NODE_* vars.环境变量当然可用于应用程序代码( process.env ),并且 electron 本身支持一些(但不是全部) NODE_*变量。
It's important to remember that electron is node and Chrome bolted together.重要的是要记住 electron 是节点和 Chrome 用螺栓固定在一起的。 Of particular relevance to HTTP requests, this means that electron actually has two parallel HTTP implementations: the browser ( fetch /XHR) and node's ( require('http') ).与 HTTP 请求特别相关,这意味着 electron 实际上有两个并行的 HTTP 实现:浏览器 ( fetch /XHR) 和节点 ( require('http') )
Thus, if HTTP requests are going through the browser plumbing, the NODE_* variables have no effect, and conversely, requests made through the node plumbing are not affected by Chrome flags .因此,如果 HTTP 请求正在通过浏览器管道,则NODE_*变量无效,相反,通过节点管道发出的请求不受Chrome 标志的影响。
There are additional quirks:还有一些额外的怪癖:
- By default, Chrome will use the system's HTTP proxy settings;默认情况下,Chrome 会使用系统的 HTTP 代理设置; node does not节点不
- By default, Chrome will use the system's root CA certificate store;默认情况下,Chrome 会使用系统的根 CA 证书存储; node uses a builtin list节点使用内置列表
- Requests made through browser plumbing are visible in the electron Dev Tools' Network tab;通过浏览器管道发出的请求在 electron 开发工具的网络选项卡中可见; node requests are not节点请求不是
So:所以:
- To ignore TLS cert errors everywhere, you must set
NODE_TLS_REJECT_UNAUTHORIZED=0and at the very beginning of main.js, callapp.commandLine.appendSwitch('ignore-certificate-errors').要在任何地方忽略 TLS 证书错误,您必须设置NODE_TLS_REJECT_UNAUTHORIZED=0并在 main.js 的最开头调用app.commandLine.appendSwitch('ignore-certificate-errors')。 Of course, disabling cert errors across the board is dangerous for obvious reasons.当然,出于显而易见的原因,全面禁用证书错误是危险的。 - For browser plumbing to trust a self-signed certificate, you should add it to your system's CA store (Windows certmgr, OS X Keychain, Linux NSS).对于信任自签名证书的浏览器管道,您应该将其添加到系统的 CA 存储区(Windows certmgr、OS X Keychain、Linux NSS)。
Unfortunately,
NODE_EXTRA_CA_CERTSis broken in electron, so getting the node plumbing to trust a self-signed cert is difficult.不幸的是, NODE_EXTRA_CA_CERTS在 electron 中被破坏,因此很难让节点管道信任自签名证书。 This comment suggests monkey patchingNativeSecureContext.prototype.addRootCertsto work around the issue.此评论建议猴子修补NativeSecureContext.prototype.addRootCerts以解决此问题。 You could also try monkey patchinghttps.globalAgent.您也可以尝试猴子修补https.globalAgent。Either way, I don't believe there is a way to get a cert trusted without modifying app code.
无论哪种方式,我都不相信有办法在不修改应用程序代码的情况下获得受信任的证书。
You'll likely need to modify the app JS to get this working.您可能需要修改应用程序 JS 才能使其正常工作。 If you're dealing with a distributed app, asar extract will likely be of interest.如果您正在处理分布式应用程序, asar extract可能会引起您的兴趣。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.