11. Better Security Model for Desktop Application
The security model in Chrome (and web browsers in general) is somewhat restrictive because of the nature of your relationship to the websites you visit. Browsers do not allow websites to access your filesystem, websites run in a sandboxed environment, and they are subject to the same-origin policy, among other restrictions. While this makes sense in the context of web browsers and websites, desktop applications need more.
NW.js provides another security model that allows you to “Bypass all security restrictions, such as sandboxing, same origin policy etc. For example, you can make cross-origin XHR to any remote sites, or access to src points to remote sites in node frames”, according to the NW.js documentation. According to Roger Wang: “The list of things we can do in this model is expanding, and it might be good to ask for proposals from developers in [your] article. Issue reports like this are welcome”.
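Because node frames drop the browser restrictions quoted above, it is worth checking which remote origins an application allows to become node frames. The following is an added example, not code from the article or from the NW.js project: it audits the `node-remote` field of an NW.js manifest (`package.json`), which enables Node in remote pages matching the listed patterns. The severity ratings are this example's own heuristic and the sample manifest is constructed.

```javascript
// Added example: flag broad "node-remote" match patterns in an NW.js manifest.
// Severity levels are a heuristic assumed for this example, not an NW.js concept.

// scheme://* followed by "/" or end of string: the pattern covers every host.
const ANY_HOST = /^(\*|[a-z]+):\/\/\*(\/|$)/;

function classifyPattern(pattern) {
  if (pattern === '<all_urls>' || ANY_HOST.test(pattern)) {
    return { pattern, severity: 'high', reason: 'matches every remote host' };
  }
  const m = /^(\*|[a-z]+):\/\/([^/]*)/.exec(pattern);
  if (!m) {
    return { pattern, severity: 'medium', reason: 'not a scheme://host/path pattern, review by hand' };
  }
  const [, scheme, host] = m;
  if (scheme !== 'https') {
    return { pattern, severity: 'high', reason: 'not restricted to https' };
  }
  if (host.startsWith('*.')) {
    return { pattern, severity: 'medium', reason: 'any subdomain becomes a node frame' };
  }
  return { pattern, severity: 'low', reason: 'single https host' };
}

// Returns one finding per pattern; an empty list means no remote page gets Node.
function auditNodeRemote(manifest) {
  const value = manifest['node-remote'];
  if (value === undefined) return [];
  const patterns = Array.isArray(value) ? value : [value]; // string or array
  return patterns.map(classifyPattern);
}

// Constructed sample manifest (hypothetical app and hosts).
const SAMPLE_MANIFEST = {
  name: 'demo-app',
  main: 'index.html',
  'node-remote': [
    '*://*/*',
    'http://updates.example.com/*',
    'https://*.example.com/*',
    'https://app.example.com/*',
  ],
};

for (const f of auditNodeRemote(SAMPLE_MANIFEST)) {
  console.log(`${f.severity.padEnd(6)} ${f.pattern}  (${f.reason})`);
}
```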
Compare this to Electron, which disables features like nested <webview> tags (01, 02), because “it is a maintenance burden” and “it is not easy to get things right”. (By the way, you can nest webview tags in NW.js as you want, but for local HTML files, you have to add a permission in