This might be a dumb question, but I'm currently getting cors rejection because webSecurity is enabled in the browser window by default.

Is there a reason why webSecurity is enabled by default? I'm guessing every api you try to call from an app will throw a cors error because all http requests will be dispatched from localhost.

To disable CORS simply set webSecurity: false in webPreferences.

A secondary question is where BrowserWindow configuration should be set, I modified electro-main for now, but, is that the intended way or do you have a separate config file for that?

Hello @JavierPAYTEF,

Is there a reason why webSecurity is enabled by default?

I didn't override it since most people are highly concerned with security. So I let the users decide since Electron also have it enabled by default.

To disable CORS simply set webSecurity: false in webPreferences.

It actually doesn't fully disable with this setting. You have to use app.commandLine.appendSwitch('disable-site-isolation-trials') to fully disable it. But even then you're gonna run into some issues that I was able to discover. It's discussed at electron/electron#26714 and electron/electron#18940 (comment). It's probably gonna be fixed soon.

is that the intended way

It is in fact intended. I wanted to separate runtime configurations from compile time configurations. Really don't like mixing those two. So anything that's affecting runtime is left inside the actual source files so nothing seems cryptic.

Thanks for the comments. For now with the webSecurity set to false it works, it's just a simple api. I read the issues and I'll keep it in mind. By the way, thanks for the library, the setup for the project was really easy.

thanks for the library, the setup for the project was really easy.

You're welcome and that's all I wanted for the users to experience. 😊