CalvinBackup/tauri-plugins-workspace
1
0
Fork 0
mirror of https://github.com/tauri-apps/plugins-workspace.git synced 2026-04-27 11:56:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs(http): Replace allowlist scope with capability scope

Browse Source
This commit is contained in:
FabianLars
2024-06-08 13:51:31 +02:00
parent 264a044097
commit 8e1ae08c69
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/http/guest-js/index.ts
+12 -10
View File
@@ -7,16 +7,18 @@
*
* ## Security
*
* This API has a scope configuration that forces you to restrict the URLs and paths that can be accessed using glob patterns.
* This API has a scope configuration that forces you to restrict the URLs that can be accessed using glob patterns.
*
* For instance, this scope configuration only allows making HTTP requests to the GitHub API for the `tauri-apps` organization:
* For instance, this scope configuration only allows making HTTP requests to all subdomains for `tauri.app` except for `https://private.tauri.app`:
* ```json
* {
* "plugins": {
* "http": {
* "scope": ["https://api.github.com/repos/tauri-apps/*"]
* "permissions": [
* {
* "identifier": "http:default",
* "allow": [{ "url": "https://*.tauri.app" }],
* "deny": [{ "url": "https://private.tauri.app" }]
* }
* }
* ]
* }
* ```
* Trying to execute any API with a URL not configured on the scope results in a promise rejection due to denied access.
@@ -100,7 +102,7 @@ export interface ClientOptions {
*/
export async function fetch(
input: URL | Request | string,
init?: RequestInit & ClientOptions,
init?: RequestInit & ClientOptions
): Promise<Response> {
const maxRedirections = init?.maxRedirections;
const connectTimeout = init?.connectTimeout;
@@ -148,7 +150,7 @@ export async function fetch(
// we need to ensure we have all header values as strings
// eslint-disable-next-line
typeof val === "string" ? val : (val as any).toString(),
],
]
);
const rid = await invoke<number>("plugin:http|fetch", {
@@ -191,7 +193,7 @@ export async function fetch(
"plugin:http|fetch_read_body",
{
rid: responseRid,
},
}
);
const res = new Response(
@@ -204,7 +206,7 @@ export async function fetch(
headers: responseHeaders,
status,
statusText,
},
}
);
// url is read only but seems like we can do this