Security warnings when running in Electron dev mode

I am currently building an Electron App using quasar starter kit. (the one with Web Pack and quasar cli)
When I run in dev mode using quasar dev -m electron, I get 3 security warnings.
I would like to know if it’s fine or should I try to correct the warnings.

Warning 1 - Electron Security Warning (Node.js Integration with Remote Content) This renderer process has Node.js integration enabled and attempted to load remote content. This exposes users of this app to severe security risks.

Question : I checked the “sources” tab and saw nothing else than localhost and webpack… so my guess is it doesn’t matter.

Warning 2 - Electron Security Warning (Insecure Resources) This renderer process loads resources using insecure protocols. This exposes users of this app to unnecessary security risks. Consider loading the following resources over HTTPS or FTPS.

Question : After that, I get a bunch of files served by the dev server… so my guess is it doesn’t matter because users will run a production build?

Warning 3 - Electron Security Warning (Insecure Content-Security-Policy) This renderer process has either no Content Security Policy set or a policy with “unsafe-eval” enabled. This exposes users of this app to unnecessary security risks.

Question : Where can I put a CSP that restrict loading only to local ressources and prevent the eval function? I tried various things during 1 hour and got nothing working. (in the electron main process js file, and a meta tag in the html template)

I always hated bloat.
I didn’t like the fact that you had to compile javascript or typescript, with React and Angular.
I find that frontend development is waaaaay to complicated…

I read an article somewhere that said :
Start with VueJS because it’s the easiest to learn.
Then Angular, because it has tons of stuff similar to Vue.
Then, if you want to be a rockstar, go with React.

I started vue using Umd… because before I found Quasar, I HATED web pack.
It was NEVER working… I don’t want to spend 2 weeks learning just to configure a tool!!
Python and dotnet doesn’t get in the way like web pack does!!

What I really liked was the easy tutorial / video on the vue website.

Then, I found Quasar… which meant I could build Electron and web application without learning a lot about web pack (just the bare minimum)… and without learning much about frontend. (I’m more of a backend guy)

Quasar just… works… and is beautiful!

Also, writing cross-platform apps with the same codebase is awesome.
That’s why I back this project.

The only reason I’d go with angular or react is if you have a huge developer team with a huge budget doing a huge project.
But for everyone else, go with vue. (small and medium projects)

I always hated bloat.
I didn’t like the fact that you had to compile javascript or typescript, with React and Angular.
I find that frontend development is waaaaay to complicated…

I read an article somewhere that said :
Start with VueJS because it’s the easiest to learn.
Then Angular, because it has tons of stuff similar to Vue.
Then, if you want to be a rockstar, go with React.

I started vue using Umd… because before I found Quasar, I HATED web pack.
It was NEVER working… I don’t want to spend 2 weeks learning just to configure a tool!!
Python and dotnet doesn’t get in the way like web pack does!!

What I really liked was the easy tutorial / video on the vue website.

Then, I found Quasar… which meant I could build Electron and web application without learning a lot about web pack (just the bare minimum)… and without learning much about frontend. (I’m more of a backend guy)

Quasar just… works… and is beautiful!

Also, writing cross-platform apps with the same codebase is awesome.
That’s why I back this project.

The only reason I’d go with angular or react is if you have a huge developer team with a huge budget doing a huge project.
But for everyone else, go with vue. (small and medium projects)

I am currently building an Electron App using quasar starter kit. (the one with Web Pack and quasar cli)
When I run in dev mode using quasar dev -m electron, I get 3 security warnings.
I would like to know if it’s fine or should I try to correct the warnings.

Warning 1 - Electron Security Warning (Node.js Integration with Remote Content) This renderer process has Node.js integration enabled and attempted to load remote content. This exposes users of this app to severe security risks.

Question : I checked the “sources” tab and saw nothing else than localhost and webpack… so my guess is it doesn’t matter.

Warning 2 - Electron Security Warning (Insecure Resources) This renderer process loads resources using insecure protocols. This exposes users of this app to unnecessary security risks. Consider loading the following resources over HTTPS or FTPS.

Question : After that, I get a bunch of files served by the dev server… so my guess is it doesn’t matter because users will run a production build?

Warning 3 - Electron Security Warning (Insecure Content-Security-Policy) This renderer process has either no Content Security Policy set or a policy with “unsafe-eval” enabled. This exposes users of this app to unnecessary security risks.

Question : Where can I put a CSP that restrict loading only to local ressources and prevent the eval function? I tried various things during 1 hour and got nothing working. (in the electron main process js file, and a meta tag in the html template)