remove allowlist config option, move protocol to security > asset_protocol

amrbashir
2023-05-13 02:23:19 +03:00
parent 63506f2d87
commit 42ebad7ef5
13 changed files with 272 additions and 464 deletions


@@ -1,7 +1,7 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Config",
"description": "The Tauri configuration object. It is read from a file where you can define your frontend assets, configure the bundler, define a system tray, enable APIs via the allowlist and more.\n\nThe configuration file is generated by the [`tauri init`](https://tauri.app/v1/api/cli#init) command that lives in your Tauri application source directory (src-tauri).\n\nOnce generated, you may modify it at will to customize your Tauri application.\n\n## File Formats\n\nBy default, the configuration is defined as a JSON file named `tauri.conf.json`.\n\nTauri also supports JSON5 and TOML files via the `config-json5` and `config-toml` Cargo features, respectively. The JSON5 file name must be either `tauri.conf.json` or `tauri.conf.json5`. The TOML file name is `Tauri.toml`.\n\n## Platform-Specific Configuration\n\nIn addition to the default configuration file, Tauri can read a platform-specific configuration from `tauri.linux.conf.json`, `tauri.windows.conf.json`, `tauri.macos.conf.json`, `tauri.android.conf.json` and `tauri.ios.conf.json` (or `Tauri.linux.toml`, `Tauri.windows.toml`, `Tauri.macos.toml`, `Tauri.android.toml` and `Tauri.ios.toml` if the `Tauri.toml` format is used), which gets merged with the main configuration object.\n\n## Configuration Structure\n\nThe configuration is composed of the following objects:\n\n- [`package`](#packageconfig): Package settings - [`tauri`](#tauriconfig): The Tauri config - [`build`](#buildconfig): The build configuration - [`plugins`](#pluginconfig): The plugins config\n\n```json title=\"Example tauri.config.json file\" { \"build\": { \"beforeBuildCommand\": \"\", \"beforeDevCommand\": \"\", \"devPath\": \"../dist\", \"distDir\": \"../dist\" }, \"package\": { \"productName\": \"tauri-app\", \"version\": \"0.1.0\" }, \"tauri\": { \"bundle\": {}, \"security\": { \"csp\": null }, \"windows\": [ { \"fullscreen\": false, \"height\": 600, \"resizable\": true, \"title\": \"Tauri App\", \"width\": 800 } ] } } ```",
"description": "The Tauri configuration object. It is read from a file where you can define your frontend assets, configure the bundler and define a system tray.\n\nThe configuration file is generated by the [`tauri init`](https://tauri.app/v1/api/cli#init) command that lives in your Tauri application source directory (src-tauri).\n\nOnce generated, you may modify it at will to customize your Tauri application.\n\n## File Formats\n\nBy default, the configuration is defined as a JSON file named `tauri.conf.json`.\n\nTauri also supports JSON5 and TOML files via the `config-json5` and `config-toml` Cargo features, respectively. The JSON5 file name must be either `tauri.conf.json` or `tauri.conf.json5`. The TOML file name is `Tauri.toml`.\n\n## Platform-Specific Configuration\n\nIn addition to the default configuration file, Tauri can read a platform-specific configuration from `tauri.linux.conf.json`, `tauri.windows.conf.json`, `tauri.macos.conf.json`, `tauri.android.conf.json` and `tauri.ios.conf.json` (or `Tauri.linux.toml`, `Tauri.windows.toml`, `Tauri.macos.toml`, `Tauri.android.toml` and `Tauri.ios.toml` if the `Tauri.toml` format is used), which gets merged with the main configuration object.\n\n## Configuration Structure\n\nThe configuration is composed of the following objects:\n\n- [`package`](#packageconfig): Package settings - [`tauri`](#tauriconfig): The Tauri config - [`build`](#buildconfig): The build configuration - [`plugins`](#pluginconfig): The plugins config\n\n```json title=\"Example tauri.config.json file\" { \"build\": { \"beforeBuildCommand\": \"\", \"beforeDevCommand\": \"\", \"devPath\": \"../dist\", \"distDir\": \"../dist\" }, \"package\": { \"productName\": \"tauri-app\", \"version\": \"0.1.0\" }, \"tauri\": { \"bundle\": {}, \"security\": { \"csp\": null }, \"windows\": [ { \"fullscreen\": false, \"height\": 600, \"resizable\": true, \"title\": \"Tauri App\", \"width\": 800 } ] } } ```",
"type": "object",
"properties": {
"$schema": {
@@ -26,12 +26,6 @@
"tauri": {
"description": "The Tauri configuration.",
"default": {
"allowlist": {
"protocol": {
"asset": false,
"assetScope": []
}
},
"bundle": {
"active": false,
"android": {
@@ -77,6 +71,10 @@
"use": "brownfield"
},
"security": {
"assetProtocol": {
"enable": false,
"scope": []
},
"dangerousDisableAssetCspModification": false,
"dangerousRemoteDomainIpcAccess": [],
"freezePrototype": false
@@ -208,23 +206,13 @@
}
]
},
"allowlist": {
"description": "The allowlist configuration.",
"default": {
"protocol": {
"asset": false,
"assetScope": []
}
},
"allOf": [
{
"$ref": "#/definitions/AllowlistConfig"
}
]
},
"security": {
"description": "Security configuration.",
"default": {
"assetProtocol": {
"enable": false,
"scope": []
},
"dangerousDisableAssetCspModification": false,
"dangerousRemoteDomainIpcAccess": [],
"freezePrototype": false
@@ -1427,80 +1415,6 @@
}
]
},
"AllowlistConfig": {
"description": "Allowlist configuration. The allowlist is a translation of the [Cargo allowlist features](https://docs.rs/tauri/latest/tauri/#cargo-allowlist-features).\n\n# Notes\n\n- Endpoints that don't have their own allowlist option are enabled by default. - There is only \"opt-in\", no \"opt-out\". Setting an option to `false` has no effect.\n\n# Examples\n\n- * [`\"app-all\": true`](https://tauri.app/v1/api/config/#appallowlistconfig.all) will make the [hide](https://tauri.app/v1/api/js/app#hide) endpoint be available regardless of whether `hide` is set to `false` or `true` in the allowlist.",
"type": "object",
"properties": {
"protocol": {
"description": "Custom protocol allowlist.",
"default": {
"asset": false,
"assetScope": []
},
"allOf": [
{
"$ref": "#/definitions/ProtocolAllowlistConfig"
}
]
}
},
"additionalProperties": false
},
"ProtocolAllowlistConfig": {
"description": "Allowlist for the custom protocols.\n\nSee more: https://tauri.app/v1/api/config#protocolallowlistconfig",
"type": "object",
"properties": {
"assetScope": {
"description": "The access scope for the asset protocol.",
"default": [],
"allOf": [
{
"$ref": "#/definitions/FsAllowlistScope"
}
]
},
"asset": {
"description": "Enables the asset protocol.",
"default": false,
"type": "boolean"
}
},
"additionalProperties": false
},
"FsAllowlistScope": {
"description": "Protocol scope definition. It is a list of glob patterns that restrict the API access from the webview.\n\nEach pattern can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"anyOf": [
{
"description": "A list of paths that are allowed by this scope.",
"type": "array",
"items": {
"type": "string"
}
},
{
"description": "A complete scope configuration.",
"type": "object",
"properties": {
"allow": {
"description": "A list of paths that are allowed by this scope.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
},
"deny": {
"description": "A list of paths that are not allowed by this scope. This gets precedence over the [`Self::Scope::allow`] list.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
}
}
]
},
"SecurityConfig": {
"description": "Security configuration.\n\nSee more: https://tauri.app/v1/api/config#securityconfig",
"type": "object",
@@ -1548,6 +1462,18 @@
"items": {
"$ref": "#/definitions/RemoteDomainAccessScope"
}
},
"assetProtocol": {
"description": "Custom protocol config.",
"default": {
"enable": false,
"scope": []
},
"allOf": [
{
"$ref": "#/definitions/AssetProtocolConfig"
}
]
}
},
"additionalProperties": false
@@ -1637,6 +1563,61 @@
},
"additionalProperties": false
},
"AssetProtocolConfig": {
"description": "Config for the asset custom protocol.\n\nSee more: https://tauri.app/v1/api/config#assetprotocolconfig",
"type": "object",
"properties": {
"scope": {
"description": "The access scope for the asset protocol.",
"default": [],
"allOf": [
{
"$ref": "#/definitions/FsScope"
}
]
},
"enable": {
"description": "Enables the asset protocol.",
"default": false,
"type": "boolean"
}
},
"additionalProperties": false
},
"FsScope": {
"description": "Protocol scope definition. It is a list of glob patterns that restrict the API access from the webview.\n\nEach pattern can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"anyOf": [
{
"description": "A list of paths that are allowed by this scope.",
"type": "array",
"items": {
"type": "string"
}
},
{
"description": "A complete scope configuration.",
"type": "object",
"properties": {
"allow": {
"description": "A list of paths that are allowed by this scope.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
},
"deny": {
"description": "A list of paths that are not allowed by this scope. This gets precedence over the [`Self::Scope::allow`] list.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
}
}
]
},
"SystemTrayConfig": {
"description": "Configuration for application system tray icon.\n\nSee more: https://tauri.app/v1/api/config#systemtrayconfig",
"type": "object",


@@ -1083,6 +1083,71 @@ pub struct RemoteDomainAccessScope {
pub plugins: Vec<String>,
}
/// Protocol scope definition.
/// It is a list of glob patterns that restrict the API access from the webview.
///
/// Each pattern can start with a variable that resolves to a system base directory.
/// The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`,
/// `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`,
/// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`,
/// `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.
#[derive(Debug, PartialEq, Eq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(untagged)]
pub enum FsScope {
/// A list of paths that are allowed by this scope.
AllowedPaths(Vec<PathBuf>),
/// A complete scope configuration.
Scope {
/// A list of paths that are allowed by this scope.
#[serde(default)]
allow: Vec<PathBuf>,
/// A list of paths that are not allowed by this scope.
/// This gets precedence over the [`Self::Scope::allow`] list.
#[serde(default)]
deny: Vec<PathBuf>,
},
}
impl Default for FsScope {
fn default() -> Self {
Self::AllowedPaths(Vec::new())
}
}
impl FsScope {
/// The list of allowed paths.
pub fn allowed_paths(&self) -> &Vec<PathBuf> {
match self {
Self::AllowedPaths(p) => p,
Self::Scope { allow, .. } => allow,
}
}
/// The list of forbidden paths.
pub fn forbidden_paths(&self) -> Option<&Vec<PathBuf>> {
match self {
Self::AllowedPaths(_) => None,
Self::Scope { deny, .. } => Some(deny),
}
}
}
/// Config for the asset custom protocol.
///
/// See more: https://tauri.app/v1/api/config#assetprotocolconfig
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct AssetProtocolConfig {
/// The access scope for the asset protocol.
#[serde(default, alias = "asset-scope")]
pub scope: FsScope,
/// Enables the asset protocol.
#[serde(default)]
pub enable: bool,
}
/// Security configuration.
///
/// See more: https://tauri.app/v1/api/config#securityconfig
@@ -1134,136 +1199,9 @@ pub struct SecurityConfig {
/// vulnerable to dangerous Tauri command related attacks otherwise.
#[serde(default, alias = "dangerous-remote-domain-ipc-access")]
pub dangerous_remote_domain_ipc_access: Vec<RemoteDomainAccessScope>,
}
/// Defines an allowlist type.
pub trait Allowlist {
/// Returns all features associated with the allowlist struct.
fn all_features() -> Vec<&'static str>;
/// Returns the tauri features enabled on this allowlist.
fn to_features(&self) -> Vec<&'static str>;
}
macro_rules! check_feature {
($self:ident, $features:ident, $flag:ident, $feature_name: expr) => {
if $self.$flag {
$features.push($feature_name)
}
};
}
/// Protocol scope definition.
/// It is a list of glob patterns that restrict the API access from the webview.
///
/// Each pattern can start with a variable that resolves to a system base directory.
/// The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`,
/// `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`,
/// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`,
/// `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.
#[derive(Debug, PartialEq, Eq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(untagged)]
pub enum FsAllowlistScope {
/// A list of paths that are allowed by this scope.
AllowedPaths(Vec<PathBuf>),
/// A complete scope configuration.
Scope {
/// A list of paths that are allowed by this scope.
#[serde(default)]
allow: Vec<PathBuf>,
/// A list of paths that are not allowed by this scope.
/// This gets precedence over the [`Self::Scope::allow`] list.
#[serde(default)]
deny: Vec<PathBuf>,
},
}
impl Default for FsAllowlistScope {
fn default() -> Self {
Self::AllowedPaths(Vec::new())
}
}
impl FsAllowlistScope {
/// The list of allowed paths.
pub fn allowed_paths(&self) -> &Vec<PathBuf> {
match self {
Self::AllowedPaths(p) => p,
Self::Scope { allow, .. } => allow,
}
}
/// The list of forbidden paths.
pub fn forbidden_paths(&self) -> Option<&Vec<PathBuf>> {
match self {
Self::AllowedPaths(_) => None,
Self::Scope { deny, .. } => Some(deny),
}
}
}
/// Allowlist for the custom protocols.
///
/// See more: https://tauri.app/v1/api/config#protocolallowlistconfig
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct ProtocolAllowlistConfig {
/// The access scope for the asset protocol.
#[serde(default, alias = "asset-scope")]
pub asset_scope: FsAllowlistScope,
/// Enables the asset protocol.
#[serde(default)]
pub asset: bool,
}
impl Allowlist for ProtocolAllowlistConfig {
fn all_features() -> Vec<&'static str> {
Self {
asset_scope: Default::default(),
asset: true,
}
.to_features()
}
fn to_features(&self) -> Vec<&'static str> {
let mut features = Vec::new();
check_feature!(self, features, asset, "protocol-asset");
features
}
}
/// Allowlist configuration. The allowlist is a translation of the [Cargo allowlist features](https://docs.rs/tauri/latest/tauri/#cargo-allowlist-features).
///
/// # Notes
///
/// - Endpoints that don't have their own allowlist option are enabled by default.
/// - There is only "opt-in", no "opt-out". Setting an option to `false` has no effect.
///
/// # Examples
///
/// - * [`"app-all": true`](https://tauri.app/v1/api/config/#appallowlistconfig.all) will make the [hide](https://tauri.app/v1/api/js/app#hide) endpoint be available regardless of whether `hide` is set to `false` or `true` in the allowlist.
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct AllowlistConfig {
/// Custom protocol allowlist.
#[serde(default)]
pub protocol: ProtocolAllowlistConfig,
}
impl Allowlist for AllowlistConfig {
fn all_features() -> Vec<&'static str> {
let mut features = Vec::new();
features.extend(ProtocolAllowlistConfig::all_features());
features
}
fn to_features(&self) -> Vec<&'static str> {
let mut features = Vec::new();
features.extend(self.protocol.to_features());
features
}
/// Custom protocol config.
#[serde(default, alias="asset-protocol")]
pub asset_protocol: AssetProtocolConfig,
}
/// The application pattern.
@@ -1304,9 +1242,6 @@ pub struct TauriConfig {
/// The bundler configuration.
#[serde(default)]
pub bundle: BundleConfig,
/// The allowlist configuration.
#[serde(default)]
pub allowlist: AllowlistConfig,
/// Security configuration.
#[serde(default)]
pub security: SecurityConfig,
@@ -1322,15 +1257,13 @@ impl TauriConfig {
/// Returns all Cargo features.
#[allow(dead_code)]
pub fn all_features() -> Vec<&'static str> {
let mut features = AllowlistConfig::all_features();
features.extend(vec!["system-tray", "macos-private-api", "isolation"]);
features
vec!["system-tray", "macos-private-api", "isolation"]
}
/// Returns the enabled Cargo features.
#[allow(dead_code)]
pub fn features(&self) -> Vec<&str> {
let mut features = self.allowlist.to_features();
let mut features = Vec::new();
if self.system_tray.is_some() {
features.push("system-tray");
}
@@ -1340,6 +1273,13 @@ impl TauriConfig {
if let PatternKind::Isolation { .. } = self.pattern {
features.push("isolation");
}
if self
.security
.asset_protocol
.enable
{
features.push("protocol-asset");
}
features.sort_unstable();
features
}
@@ -1719,8 +1659,7 @@ impl PackageConfig {
/// The Tauri configuration object.
/// It is read from a file where you can define your frontend assets,
/// configure the bundler, define a system tray,
/// enable APIs via the allowlist and more.
/// configure the bundler and define a system tray.
///
/// The configuration file is generated by the
/// [`tauri init`](https://tauri.app/v1/api/cli#init) command that lives in
@@ -2354,7 +2293,8 @@ mod build {
let freeze_prototype = self.freeze_prototype;
let dangerous_disable_asset_csp_modification = &self.dangerous_disable_asset_csp_modification;
let dangerous_remote_domain_ipc_access =
vec_lit(&self.dangerous_remote_domain_ipc_access, identity);
vec_lit(&self.dangerous_remote_domain_ipc_access, identity);
let asset_protocol = &self.asset_protocol;
literal_struct!(
tokens,
@@ -2363,7 +2303,8 @@ mod build {
dev_csp,
freeze_prototype,
dangerous_disable_asset_csp_modification,
dangerous_remote_domain_ipc_access
dangerous_remote_domain_ipc_access,
asset_protocol
);
}
}
@@ -2385,9 +2326,9 @@ mod build {
}
}
impl ToTokens for FsAllowlistScope {
impl ToTokens for FsScope {
fn to_tokens(&self, tokens: &mut TokenStream) {
let prefix = quote! { ::tauri::utils::config::FsAllowlistScope };
let prefix = quote! { ::tauri::utils::config::FsScope };
tokens.append_all(match self {
Self::AllowedPaths(allow) => {
@@ -2403,17 +2344,10 @@ mod build {
}
}
impl ToTokens for ProtocolAllowlistConfig {
impl ToTokens for AssetProtocolConfig {
fn to_tokens(&self, tokens: &mut TokenStream) {
let asset_scope = &self.asset_scope;
tokens.append_all(quote! { ::tauri::utils::config::ProtocolAllowlistConfig { asset_scope: #asset_scope, ..Default::default() } })
}
}
impl ToTokens for AllowlistConfig {
fn to_tokens(&self, tokens: &mut TokenStream) {
let protocol = &self.protocol;
tokens.append_all(quote! { ::tauri::utils::config::AllowlistConfig { protocol: #protocol } })
let scope = &self.scope;
tokens.append_all(quote! { ::tauri::utils::config::AssetProtocolConfig { scope: #scope, ..Default::default() } })
}
}
@@ -2424,7 +2358,6 @@ mod build {
let bundle = &self.bundle;
let security = &self.security;
let system_tray = opt_lit(self.system_tray.as_ref());
let allowlist = &self.allowlist;
let macos_private_api = self.macos_private_api;
literal_struct!(
@@ -2435,7 +2368,6 @@ mod build {
bundle,
security,
system_tray,
allowlist,
macos_private_api
);
}
@@ -2525,8 +2457,8 @@ mod test {
freeze_prototype: false,
dangerous_disable_asset_csp_modification: DisabledCspModificationKind::Flag(false),
dangerous_remote_domain_ipc_access: Vec::new(),
asset_protocol: AssetProtocolConfig::default(),
},
allowlist: AllowlistConfig::default(),
system_tray: None,
macos_private_api: false,
};
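Review bot: `TauriConfig::all_features()` now returns only `vec!["system-tray", "macos-private-api", "isolation"]`, while `features()` in the same impl still pushes `"protocol-asset"` when `security.asset_protocol.enable` is set, so the two lists no longer agree. Before this change the name came in through `AllowlistConfig::all_features()`; if a caller uses `all_features()` to decide which Cargo features to reconcile against the config (not visible here), a `protocol-asset` feature left enabled in Cargo.toml would no longer be flagged when the config has the asset protocol turned off. I would keep it in the list: `vec!["system-tray", "macos-private-api", "isolation", "protocol-asset"]`. Separately, `AssetProtocolConfig::scope` keeps `alias = "asset-scope"` from the old field name, which looks like a leftover now that the key is `scope`. The `ToTokens` impl for `AssetProtocolConfig` also emits only `scope` with `..Default::default()`, so `enable` reads as `false` in the embedded config; a doc comment on `enable` saying that the `protocol-asset` Cargo feature is the actual gate at runtime would prevent someone from checking the field later.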

File diff suppressed because one or more lines are too long


@@ -1339,7 +1339,12 @@ impl<R: Runtime> Builder<R> {
#[cfg(feature = "protocol-asset")]
asset_protocol: FsScope::for_fs_api(
&app,
&app.config().tauri.allowlist.protocol.asset_scope,
&app
.config()
.tauri
.security
.asset_protocol
.scope,
)?,
});


@@ -81,7 +81,7 @@ impl Scope {
#[allow(unused)]
pub(crate) fn for_fs_api<R: crate::Runtime, M: crate::Manager<R>>(
manager: &M,
scope: &tauri_utils::config::FsAllowlistScope,
scope: &tauri_utils::config::FsScope,
) -> crate::Result<Self> {
let mut allowed_patterns = HashSet::new();
for path in scope.allowed_paths() {

File diff suppressed because one or more lines are too long


@@ -43,15 +43,6 @@ dependencies = [
"subtle",
]
[[package]]
name = "aho-corasick"
version = "0.7.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac"
dependencies = [
"memchr",
]
[[package]]
name = "aho-corasick"
version = "1.0.1"
@@ -264,16 +255,6 @@ dependencies = [
"alloc-stdlib",
]
[[package]]
name = "bstr"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3d4260bcc2e8fc9df1eac4919a720effeb63a3f0952f5bf4944adfa18897f09"
dependencies = [
"memchr",
"serde",
]
[[package]]
name = "bumpalo"
version = "3.12.1"
@@ -892,18 +873,6 @@ dependencies = [
"rustc_version",
]
[[package]]
name = "filetime"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5cbc844cecaee9d4443931972e1289c8ff485cb4cc2767cb03ca139ed6885153"
dependencies = [
"cfg-if",
"libc",
"redox_syscall 0.2.16",
"windows-sys 0.48.0",
]
[[package]]
name = "flate2"
version = "1.0.26"
@@ -1262,19 +1231,6 @@ version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "globset"
version = "0.4.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "029d74589adefde59de1a0c4f4732695c32805624aec7b68d91503d4dba79afc"
dependencies = [
"aho-corasick 0.7.20",
"bstr",
"fnv",
"log",
"regex",
]
[[package]]
name = "gobject-sys"
version = "0.16.3"
@@ -1531,23 +1487,6 @@ dependencies = [
"unicode-normalization",
]
[[package]]
name = "ignore"
version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dbe7873dab538a9a44ad79ede1faf5f30d49f9a5c883ddbab48bce81b64b7492"
dependencies = [
"globset",
"lazy_static",
"log",
"memchr",
"regex",
"same-file",
"thread_local",
"walkdir",
"winapi-util",
]
[[package]]
name = "image"
version = "0.24.6"
@@ -2494,7 +2433,7 @@ version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af83e617f331cc6ae2da5443c602dfa5af81e517212d9d611a5b3ba1777b5370"
dependencies = [
"aho-corasick 1.0.1",
"aho-corasick",
"memchr",
"regex-syntax 0.7.1",
]
@@ -3020,17 +2959,6 @@ dependencies = [
"syn 1.0.109",
]
[[package]]
name = "tar"
version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b55807c0344e1e6c04d7c965f5289c39a8d94ae23ed5c0b57aabac549f871c6"
dependencies = [
"filetime",
"libc",
"xattr",
]
[[package]]
name = "target-lexicon"
version = "0.12.7"
@@ -3046,8 +2974,6 @@ dependencies = [
"cocoa",
"dirs-next",
"embed_plist",
"encoding_rs",
"flate2",
"futures-util",
"glib",
"glob",
@@ -3055,7 +2981,6 @@ dependencies = [
"heck",
"http",
"ico 0.2.0",
"ignore",
"infer 0.9.0",
"jni",
"libc",
@@ -3074,7 +2999,6 @@ dependencies = [
"serialize-to-javascript",
"state",
"swift-rs",
"tar",
"tauri-build",
"tauri-macros",
"tauri-runtime",
@@ -3096,7 +3020,6 @@ version = "2.0.0-alpha.4"
dependencies = [
"anyhow",
"cargo_toml",
"filetime",
"heck",
"json-patch",
"quote",
@@ -3206,7 +3129,6 @@ dependencies = [
"thiserror",
"url",
"uuid",
"webview2-com",
"windows 0.44.0",
]
@@ -4221,12 +4143,3 @@ dependencies = [
"once_cell",
"pkg-config",
]
[[package]]
name = "xattr"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d1526bbe5aaeb5eb06885f4d987bcdfa5e23187055de9b83fe00156a821fabc"
dependencies = [
"libc",
]


@@ -84,15 +84,6 @@
}
}
},
"allowlist": {
"protocol": {
"asset": true,
"assetScope": {
"allow": ["$APPDATA/db/**", "$RESOURCE/**"],
"deny": ["$APPDATA/db/*.stronghold"]
}
}
},
"windows": [],
"security": {
"csp": {
@@ -101,7 +92,14 @@
"img-src": "'self' asset: https://asset.localhost blob: data:",
"style-src": "'unsafe-inline' 'self' https://fonts.googleapis.com"
},
"freezePrototype": true
"freezePrototype": true,
"assetProtocol": {
"enable": true,
"scope": {
"allow": ["$APPDATA/db/**", "$RESOURCE/**"],
"deny": ["$APPDATA/db/*.stronghold"]
}
}
},
"systemTray": {
"iconPath": "../../.icons/tray_icon_with_transparency.png",
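Review bot: The `deny` entry `$APPDATA/db/*.stronghold` in the new `assetProtocol.scope` is narrower than the `allow` entry `$APPDATA/db/**` it is meant to carve out of, so a `.stronghold` file in a subdirectory of `db` may still be readable through the asset protocol, depending on how the scope matcher treats `*` across path separators (not visible here). Since the block is being moved under `security` anyway, this is a good moment to make the exclusion recursive, e.g. `"deny": ["$APPDATA/db/**/*.stronghold"]`. The enclosing `security` object starts above the hunk.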


@@ -26,7 +26,6 @@
"copyright": "",
"category": "DeveloperTool"
},
"allowlist": {},
"security": {
"csp": "default-src 'self'"
}


@@ -37,11 +37,6 @@
"exceptionDomain": ""
}
},
"allowlist": {
"protocol": {
"assetScope": ["**/test_video.mp4"]
}
},
"windows": [
{
"title": "Welcome to Tauri!",
@@ -52,7 +47,10 @@
}
],
"security": {
"csp": "default-src 'self'; media-src stream: https://stream.localhost asset: https://asset.localhost"
"csp": "default-src 'self'; media-src stream: https://stream.localhost asset: https://asset.localhost",
"assetProtocol": {
"scope": ["**/test_video.mp4"]
}
}
}
}
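Review bot: The new `assetProtocol` block sets `scope` but not `enable`, and the schema in this commit gives `enable` a default of `false`, so as written the scope appears to have no effect unless the `protocol-asset` Cargo feature is switched on some other way. If the example needs `asset:` URLs (the CSP lists them under `media-src`), add `"enable": true`; if it only uses the `stream:` protocol, the scope can be dropped. The pattern `**/test_video.mp4` also matches that file name in any directory, so anchoring it to one of the base-directory variables would keep the example from teaching an over-broad scope.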

File diff suppressed because one or more lines are too long


@@ -15,8 +15,9 @@
import * as event from './event'
import * as tauri from './tauri'
import * as path from './path'
/** @ignore */
const invoke = tauri.invoke
export { invoke, event, tauri }
export { invoke, event, path, tauri }


@@ -1,7 +1,7 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Config",
"description": "The Tauri configuration object. It is read from a file where you can define your frontend assets, configure the bundler, define a system tray, enable APIs via the allowlist and more.\n\nThe configuration file is generated by the [`tauri init`](https://tauri.app/v1/api/cli#init) command that lives in your Tauri application source directory (src-tauri).\n\nOnce generated, you may modify it at will to customize your Tauri application.\n\n## File Formats\n\nBy default, the configuration is defined as a JSON file named `tauri.conf.json`.\n\nTauri also supports JSON5 and TOML files via the `config-json5` and `config-toml` Cargo features, respectively. The JSON5 file name must be either `tauri.conf.json` or `tauri.conf.json5`. The TOML file name is `Tauri.toml`.\n\n## Platform-Specific Configuration\n\nIn addition to the default configuration file, Tauri can read a platform-specific configuration from `tauri.linux.conf.json`, `tauri.windows.conf.json`, `tauri.macos.conf.json`, `tauri.android.conf.json` and `tauri.ios.conf.json` (or `Tauri.linux.toml`, `Tauri.windows.toml`, `Tauri.macos.toml`, `Tauri.android.toml` and `Tauri.ios.toml` if the `Tauri.toml` format is used), which gets merged with the main configuration object.\n\n## Configuration Structure\n\nThe configuration is composed of the following objects:\n\n- [`package`](#packageconfig): Package settings - [`tauri`](#tauriconfig): The Tauri config - [`build`](#buildconfig): The build configuration - [`plugins`](#pluginconfig): The plugins config\n\n```json title=\"Example tauri.config.json file\" { \"build\": { \"beforeBuildCommand\": \"\", \"beforeDevCommand\": \"\", \"devPath\": \"../dist\", \"distDir\": \"../dist\" }, \"package\": { \"productName\": \"tauri-app\", \"version\": \"0.1.0\" }, \"tauri\": { \"bundle\": {}, \"security\": { \"csp\": null }, \"windows\": [ { \"fullscreen\": false, \"height\": 600, \"resizable\": true, \"title\": \"Tauri App\", \"width\": 800 } ] } } ```",
"description": "The Tauri configuration object. It is read from a file where you can define your frontend assets, configure the bundler and define a system tray.\n\nThe configuration file is generated by the [`tauri init`](https://tauri.app/v1/api/cli#init) command that lives in your Tauri application source directory (src-tauri).\n\nOnce generated, you may modify it at will to customize your Tauri application.\n\n## File Formats\n\nBy default, the configuration is defined as a JSON file named `tauri.conf.json`.\n\nTauri also supports JSON5 and TOML files via the `config-json5` and `config-toml` Cargo features, respectively. The JSON5 file name must be either `tauri.conf.json` or `tauri.conf.json5`. The TOML file name is `Tauri.toml`.\n\n## Platform-Specific Configuration\n\nIn addition to the default configuration file, Tauri can read a platform-specific configuration from `tauri.linux.conf.json`, `tauri.windows.conf.json`, `tauri.macos.conf.json`, `tauri.android.conf.json` and `tauri.ios.conf.json` (or `Tauri.linux.toml`, `Tauri.windows.toml`, `Tauri.macos.toml`, `Tauri.android.toml` and `Tauri.ios.toml` if the `Tauri.toml` format is used), which gets merged with the main configuration object.\n\n## Configuration Structure\n\nThe configuration is composed of the following objects:\n\n- [`package`](#packageconfig): Package settings - [`tauri`](#tauriconfig): The Tauri config - [`build`](#buildconfig): The build configuration - [`plugins`](#pluginconfig): The plugins config\n\n```json title=\"Example tauri.config.json file\" { \"build\": { \"beforeBuildCommand\": \"\", \"beforeDevCommand\": \"\", \"devPath\": \"../dist\", \"distDir\": \"../dist\" }, \"package\": { \"productName\": \"tauri-app\", \"version\": \"0.1.0\" }, \"tauri\": { \"bundle\": {}, \"security\": { \"csp\": null }, \"windows\": [ { \"fullscreen\": false, \"height\": 600, \"resizable\": true, \"title\": \"Tauri App\", \"width\": 800 } ] } } ```",
"type": "object",
"properties": {
"$schema": {
@@ -26,12 +26,6 @@
"tauri": {
"description": "The Tauri configuration.",
"default": {
"allowlist": {
"protocol": {
"asset": false,
"assetScope": []
}
},
"bundle": {
"active": false,
"android": {
@@ -77,6 +71,10 @@
"use": "brownfield"
},
"security": {
"assetProtocol": {
"enable": false,
"scope": []
},
"dangerousDisableAssetCspModification": false,
"dangerousRemoteDomainIpcAccess": [],
"freezePrototype": false
@@ -208,23 +206,13 @@
}
]
},
"allowlist": {
"description": "The allowlist configuration.",
"default": {
"protocol": {
"asset": false,
"assetScope": []
}
},
"allOf": [
{
"$ref": "#/definitions/AllowlistConfig"
}
]
},
"security": {
"description": "Security configuration.",
"default": {
"assetProtocol": {
"enable": false,
"scope": []
},
"dangerousDisableAssetCspModification": false,
"dangerousRemoteDomainIpcAccess": [],
"freezePrototype": false
@@ -1427,80 +1415,6 @@
}
]
},
"AllowlistConfig": {
"description": "Allowlist configuration. The allowlist is a translation of the [Cargo allowlist features](https://docs.rs/tauri/latest/tauri/#cargo-allowlist-features).\n\n# Notes\n\n- Endpoints that don't have their own allowlist option are enabled by default. - There is only \"opt-in\", no \"opt-out\". Setting an option to `false` has no effect.\n\n# Examples\n\n- * [`\"app-all\": true`](https://tauri.app/v1/api/config/#appallowlistconfig.all) will make the [hide](https://tauri.app/v1/api/js/app#hide) endpoint be available regardless of whether `hide` is set to `false` or `true` in the allowlist.",
"type": "object",
"properties": {
"protocol": {
"description": "Custom protocol allowlist.",
"default": {
"asset": false,
"assetScope": []
},
"allOf": [
{
"$ref": "#/definitions/ProtocolAllowlistConfig"
}
]
}
},
"additionalProperties": false
},
"ProtocolAllowlistConfig": {
"description": "Allowlist for the custom protocols.\n\nSee more: https://tauri.app/v1/api/config#protocolallowlistconfig",
"type": "object",
"properties": {
"assetScope": {
"description": "The access scope for the asset protocol.",
"default": [],
"allOf": [
{
"$ref": "#/definitions/FsAllowlistScope"
}
]
},
"asset": {
"description": "Enables the asset protocol.",
"default": false,
"type": "boolean"
}
},
"additionalProperties": false
},
"FsAllowlistScope": {
"description": "Protocol scope definition. It is a list of glob patterns that restrict the API access from the webview.\n\nEach pattern can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"anyOf": [
{
"description": "A list of paths that are allowed by this scope.",
"type": "array",
"items": {
"type": "string"
}
},
{
"description": "A complete scope configuration.",
"type": "object",
"properties": {
"allow": {
"description": "A list of paths that are allowed by this scope.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
},
"deny": {
"description": "A list of paths that are not allowed by this scope. This gets precedence over the [`Self::Scope::allow`] list.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
}
}
]
},
"SecurityConfig": {
"description": "Security configuration.\n\nSee more: https://tauri.app/v1/api/config#securityconfig",
"type": "object",
@@ -1548,6 +1462,18 @@
"items": {
"$ref": "#/definitions/RemoteDomainAccessScope"
}
},
"assetProtocol": {
"description": "Custom protocol config.",
"default": {
"enable": false,
"scope": []
},
"allOf": [
{
"$ref": "#/definitions/AssetProtocolConfig"
}
]
}
},
"additionalProperties": false
@@ -1637,6 +1563,61 @@
},
"additionalProperties": false
},
"AssetProtocolConfig": {
"description": "Config for the asset custom protocol.\n\nSee more: https://tauri.app/v1/api/config#assetprotocolconfig",
"type": "object",
"properties": {
"scope": {
"description": "The access scope for the asset protocol.",
"default": [],
"allOf": [
{
"$ref": "#/definitions/FsScope"
}
]
},
"enable": {
"description": "Enables the asset protocol.",
"default": false,
"type": "boolean"
}
},
"additionalProperties": false
},
"FsScope": {
"description": "Protocol scope definition. It is a list of glob patterns that restrict the API access from the webview.\n\nEach pattern can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"anyOf": [
{
"description": "A list of paths that are allowed by this scope.",
"type": "array",
"items": {
"type": "string"
}
},
{
"description": "A complete scope configuration.",
"type": "object",
"properties": {
"allow": {
"description": "A list of paths that are allowed by this scope.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
},
"deny": {
"description": "A list of paths that are not allowed by this scope. This gets precedence over the [`Self::Scope::allow`] list.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
}
}
]
},
"SystemTrayConfig": {
"description": "Configuration for application system tray icon.\n\nSee more: https://tauri.app/v1/api/config#systemtrayconfig",
"type": "object",