Security

A deep dive into Gluon's security.

Overview

Gluon is one of the most secure frameworks of its kind. This is mostly because:

  • The browser/web process is process isolated and sandboxed from the JS backend, always.
  • There is no way to simply expose NodeJS, or potentially dangerous native APIs to the web at all (built-in), and doing anything of the sort is highly discouraged and warned against.
  • HTTP is completely disabled by default
  • Redirects to other origins are disabled by default

Any options reducing security are actively warned against in terminal and documentation.


❌ Dangerous example

Using IPC this way is dangerous as it allows the web frontend to make arbitary file reads. Even if you control your website entirely, you still should never really use this approach.

dangerous_node.js
import * as Gluon from '@gluon-framework/gluon';
const Window = await Gluon.open('https://gluonjs.org');

// Dangerous. Do not do this!
import { readFile } from 'fs/promises';
Window.ipc.expose('readFile', async path => await readFile(path, 'utf8'));
dangerous_site.js
// Dangerous. Do not do this!
const config = JSON.parse(await Gluon.ipc.readFile('config.json'));

Using dedicated exposed functions per task is much safer, as the web frontend can only perform expected operations.

recommended_node.js
import * as Gluon from '@gluon-framework/gluon';
const Window = await Gluon.open('https://gluonjs.org');

// Not dangerous as FS functions are no longer exposed, much better.
import { readFile } from 'fs/promises';
Window.ipc.getConfig = async () => JSON.parse(await readFile('config.json', 'utf8'));
recommended_site.js
// Use dedicated exposed function.
const config = await Gluon.ipc.getConfig();