
I'm interested in understanding exactly what the attribute disablewebsecurity does when used with a webview element like this: <webview src=www.somesite.com disablewebsecurity>

I have an Electron app that is a wrapper around a web app, and we're using <webview> elements to iframe pages.

However, I want to completely understand what I'm exposing my application to wrt using the disablewebsecurity flag.

I know that this allows CORS requests and ignores the X-FRAME-OPTIONS header, but what else does it do? I'm particularly curious about its access to cookie namespaces.

Also, is this attribute the same as opening Chrome/Chromium with the command line flag --disable-web-security?

Any insight is appreciated (I couldn't find it documented anywhere).

Thanks!

jamis0n

0 Answers