Merge pull request #359 from jnugh/yt

disableWebSecurity -> allowDisplayingInsecureContent

CHANGELOG.md

@@ -24,6 +24,7 @@ Release date: TBD
 ### Bug Fixes
  - Fixed wrong cursor for "Edit" and "Remove" in Setting page
  - Fixed an issue where "Zoom in/out" does not properly work
+ - YouTube preview works, even if mixed content is allowed
 
 #### Windows
  - The accelerator of "Redo" is now shown as `Ctrl+Y`

package.json

@@ -44,7 +44,7 @@
     "chai-as-promised": "^5.3.0",
     "cross-env": "^3.1.2",
     "devtron": "^1.3.0",
-    "electron": "1.4.2",
+    "electron": "1.4.6",
     "electron-builder": "^7.11.2",
     "electron-connect": "~0.6.0",
     "eslint": "^3.4.0",

src/browser/index.jsx

@@ -392,10 +392,10 @@ var MattermostView = React.createClass({
     var self = this;
     var webview = ReactDOM.findDOMNode(this.refs.webview);
 
-    // This option disables the same-origin policy and allows js/css/plugins not only content like images.
+    // This option allows insecure content, when set to true it is possible to
+    // load content via HTTP while the mattermost server serves HTTPS
     if (config.disablewebsecurity === true) {
-      // webview.setAttribute('disablewebsecurity', false) disables websecurity. (electron's bug?)
-      webview.setAttribute('disablewebsecurity', true);
+      webview.setAttribute('webpreferences', 'allowDisplayingInsecureContent');
     }
 
     webview.addEventListener('did-fail-load', (e) => {

test/specs/browser/settings_test.js

@@ -92,7 +92,9 @@ describe('browser/settings.html', function desc() {
     describe('Allow mixed content', () => {
       [true, false].forEach((v) => {
         it(`should be saved and loaded: ${v}`, () => {
+          const webPreferences = v ? 'allowDisplayingInsecureContent' : '';
           env.addClientCommands(this.app.client);
+
           return this.app.client.
             loadSettingsPage().
             scroll('#inputDisableWebSecurity').
@@ -107,19 +109,19 @@ describe('browser/settings.html', function desc() {
               const savedConfig = JSON.parse(fs.readFileSync(env.configFilePath, 'utf8'));
               savedConfig.disablewebsecurity.should.equal(v);
             }).
-            getAttribute('.mattermostView', 'disablewebsecurity').then((disablewebsecurity) => { // confirm actual behavior
+            getAttribute('.mattermostView', 'webpreferences').then((disablewebsecurity) => { // confirm actual behavior
               // disablewebsecurity is an array of String
               disablewebsecurity.forEach((d) => {
-                v.toString().should.equal(d);
+                d.should.equal(webPreferences);
               });
             }).then(() => {
               return this.app.restart();
             }).then(() => {
               env.addClientCommands(this.app.client);
               return this.app.client. // confirm actual behavior
-                getAttribute('.mattermostView', 'disablewebsecurity').then((disablewebsecurity) => { // disablewebsecurity is an array of String
+                getAttribute('.mattermostView', 'webpreferences').then((disablewebsecurity) => { // disablewebsecurity is an array of String
                   disablewebsecurity.forEach((d) => {
-                    v.toString().should.equal(d);
+                    d.should.equal(webPreferences);
                   });
                 }).
                 loadSettingsPage().