From 3d8d24c2ff5d4201de857a6f04b3986551f818ec Mon Sep 17 00:00:00 2001
From: Jonas Schwabe <jonas@jnugh.de>
Date: Fri, 4 Nov 2016 20:28:31 +0100
Subject: [PATCH] Fixes #161

---
 package.json          | 2 +-
 src/browser/index.jsx | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index d00d59cf..b629b73b 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
     "chai-as-promised": "^5.3.0",
     "cross-env": "^3.1.2",
     "devtron": "^1.3.0",
-    "electron": "1.4.2",
+    "electron": "1.4.6",
     "electron-builder": "^7.11.2",
     "electron-connect": "~0.6.0",
     "eslint": "^3.4.0",
diff --git a/src/browser/index.jsx b/src/browser/index.jsx
index 89f08dc7..bb0dd8a7 100644
--- a/src/browser/index.jsx
+++ b/src/browser/index.jsx
@@ -392,10 +392,10 @@ var MattermostView = React.createClass({
     var self = this;
     var webview = ReactDOM.findDOMNode(this.refs.webview);
 
-    // This option disables the same-origin policy and allows js/css/plugins not only content like images.
+    // This option allows insecure content, when set to true it is possible to
+    // load content via HTTP while the mattermost server serves HTTPS
     if (config.disablewebsecurity === true) {
-      // webview.setAttribute('disablewebsecurity', false) disables websecurity. (electron's bug?)
-      webview.setAttribute('disablewebsecurity', true);
+      webview.setAttribute('webpreferences', 'allowDisplayingInsecureContent');
     }
 
     webview.addEventListener('did-fail-load', (e) => {