diff --git a/.changes/fix-default-freeze-prototype.md b/.changes/fix-default-freeze-prototype.md new file mode 100644 index 000000000..364ca39ce --- /dev/null +++ b/.changes/fix-default-freeze-prototype.md @@ -0,0 +1,6 @@ +--- +"tauri": patch +"tauri-utils": patch +--- + +Change default value for the `freezePrototype` configuration to `false`. diff --git a/core/tauri-codegen/src/embedded_assets.rs b/core/tauri-codegen/src/embedded_assets.rs index 5f29057b5..96406d226 100644 --- a/core/tauri-codegen/src/embedded_assets.rs +++ b/core/tauri-codegen/src/embedded_assets.rs @@ -192,7 +192,7 @@ impl AssetOptions { Self { csp: false, pattern, - freeze_prototype: true, + freeze_prototype: false, #[cfg(feature = "isolation")] isolation_schema: format!("isolation-{}", uuid::Uuid::new_v4()), } diff --git a/core/tauri-utils/src/config.rs b/core/tauri-utils/src/config.rs index 23f917e12..2e2f18c91 100644 --- a/core/tauri-utils/src/config.rs +++ b/core/tauri-utils/src/config.rs @@ -573,7 +573,7 @@ fn default_file_drop_enabled() -> bool { /// Security configuration. #[skip_serializing_none] -#[derive(Debug, PartialEq, Clone, Deserialize, Serialize)] +#[derive(Debug, Default, PartialEq, Clone, Deserialize, Serialize)] #[cfg_attr(feature = "schema", derive(JsonSchema))] #[serde(rename_all = "camelCase", deny_unknown_fields)] pub struct SecurityConfig { @@ -589,24 +589,10 @@ pub struct SecurityConfig { /// See . pub dev_csp: Option, /// Freeze the `Object.prototype` when using the custom protocol. - #[serde(default = "default_freeze_prototype")] + #[serde(default)] pub freeze_prototype: bool, } -impl Default for SecurityConfig { - fn default() -> Self { - Self { - csp: None, - dev_csp: None, - freeze_prototype: default_freeze_prototype(), - } - } -} - -fn default_freeze_prototype() -> bool { - true -} - /// Defines an allowlist type. pub trait Allowlist { /// Returns all features associated with the allowlist struct. @@ -2558,7 +2544,7 @@ mod test { security: SecurityConfig { csp: None, dev_csp: None, - freeze_prototype: true, + freeze_prototype: false, }, allowlist: AllowlistConfig::default(), system_tray: None, diff --git a/examples/api/src-tauri/tauri.conf.json b/examples/api/src-tauri/tauri.conf.json index 362c7afbe..81ccf871d 100644 --- a/examples/api/src-tauri/tauri.conf.json +++ b/examples/api/src-tauri/tauri.conf.json @@ -116,7 +116,8 @@ } ], "security": { - "csp": "default-src 'self' customprotocol: img-src: 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; img-src 'self' asset: https://asset.localhost blob: data:; font-src https://fonts.gstatic.com" + "csp": "default-src 'self' customprotocol: img-src: 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; img-src 'self' asset: https://asset.localhost blob: data:; font-src https://fonts.gstatic.com", + "freezePrototype": true }, "systemTray": { "iconPath": "../../.icons/tray_icon_with_transparency.png", diff --git a/tooling/cli/schema.json b/tooling/cli/schema.json index 8afaa65f2..29b99a9fb 100644 --- a/tooling/cli/schema.json +++ b/tooling/cli/schema.json @@ -155,7 +155,7 @@ "use": "brownfield" }, "security": { - "freezePrototype": true + "freezePrototype": false }, "updater": { "active": false, @@ -1294,7 +1294,7 @@ }, "freezePrototype": { "description": "Freeze the `Object.prototype` when using the custom protocol.", - "default": true, + "default": false, "type": "boolean" } }, @@ -1609,7 +1609,7 @@ "security": { "description": "Security configuration.", "default": { - "freezePrototype": true + "freezePrototype": false }, "allOf": [ {