The recent Electron 8.0, 8.1, and 8.2 releases make significant improvements to their framework for building cross-platform desktop apps with JavaScript, HTML, and CSS. Highlights in these releases include a performance boost in communication between main and renderer processes, better control over call stack, the addition of an HTTP parsing NODE_OPTION in a packaged Electron app, and a new useSessionCookies flag for secure use of the session cookie store.
The Electron 8.0 release modifies interprocess communication between package.json's main script and each web page in Electron. V8's structured clone algorithm for serialization reduces the time needed for interprocess communication without affecting the latency for small messages between the two processes.
Electron 8.0 also adds the ' --enable-api-filtering-logging' command-line switch for better control over the call stack. This command enables caller stack logging for the desktopCapturer and remote APIs.
The Electron 8.0 release adds a timeoutType property allowing developers to control the duration of Linux and Windows notifications. A new API session.downloadURL() replaces webContents.downloadURL(), which avoids performing any security checks that relate to a download page's origin to trigger downloads.
Previously, developers could set a custom traffic light positioning for browser window title bars on macOS. In Electron 8.1, developers can now set this property on the fly with a pair of APIs.
Electron uses Node.js internally, and as of Node.js 11.5, the default HTTP parser was replaced, which broke several use cases and took a stricter approach to HTTP header parsing and validity. Electron 8.1 introduces the '--http-parser=parser' NODE_OPTION, allowing developers to switch to alternative HTTP parsers.
In previous versions of Electron, the audioMuted property was not working for WebViews. The webview.audioMuted = true was supposed to mute the WebViews but instead triggered the following warning. The Electron 8.1 release fixed this issue.
In recent releases of Electron, the net module which issues HTTP/HTTPS requests was designed to send a fetch-like request from the main process. But this net module lacked secure support for using cookies in the same manner as fetch requests. This limitation encourages hacks and insecure direct usage of the Cookies header.
Electron 8.2 introduces a new useSessionCookies flag for network requests to securely use the session cookie store similar to a fetch request. This new flag leverages Chromium's internal cookie store logic for all network requests.
The Electron 8.2 release also introduces a disableDialog option to Webpreferences. The option allows disabling dialogs similar to the safeDialogs option with the ability to override safeDialogs behavior completely.
Electron 8.2 fixes a crash that could occur when sending arrays over interprocess communication. The release also fixes an issue where mutating the global Object prototype could cause internal Electron logic to throw errors.
Developers have shown generally positive responses towards caller stack logging and HTTP parsing alternatives, but there are still a few concerns. The setBackground property is not working in Electron 8.x.x, and page rendering performance drops significantly after updating Electron to the latest version. Developers want the remote module disabled by default due to its security liability. In the future, Electron plans to remove process model patches for better performance, security, and maintainability.
Electron is an open-source framework used to build cross-platform desktop apps with JavaScript, HTML, and CSS that leverages Node.js and Chromium. Electron is available under the MIT License. Contributions are welcome via the Electron GitHub repository and should follow the Electron's contribution guidelines and code of conduct.