From 7d21e3b2faa08e69321b4c45775e17c961edd666 Mon Sep 17 00:00:00 2001 From: Tony <68118705+Legend-Master@users.noreply.github.com> Date: Mon, 4 Aug 2025 18:13:02 +0800 Subject: [PATCH] docs: how `security > capabilities` works (#13946) * docs: how `security > capabilities` works * Add how to use it * Apply suggestions * Relative to `Cargo.toml` * Remove the relative base wording --- crates/tauri-cli/config.schema.json | 2 +- .../schemas/config.schema.json | 2 +- crates/tauri-utils/src/config.rs | 21 ++++++++++++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json index 11ba08e0a..fd0a809b0 100644 --- a/crates/tauri-cli/config.schema.json +++ b/crates/tauri-cli/config.schema.json @@ -1150,7 +1150,7 @@ ] }, "capabilities": { - "description": "List of capabilities that are enabled on the application.\n\n If the list is empty, all capabilities are included.", + "description": "List of capabilities that are enabled on the application.\n\n By default (not set or empty list), all capability files from `./capabilities/` are included,\n by setting values in this entry, you have fine grained control over which capabilities are included\n\n You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`]\n\n ### Example\n\n ```json\n {\n \"app\": {\n \"capabilities\": [\n \"main-window\",\n {\n \"identifier\": \"drag-window\",\n \"permissions\": [\"core:window:allow-start-dragging\"]\n }\n ]\n }\n }\n ```", "default": [], "type": "array", "items": { diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json index 11ba08e0a..fd0a809b0 100644 --- a/crates/tauri-schema-generator/schemas/config.schema.json +++ b/crates/tauri-schema-generator/schemas/config.schema.json @@ -1150,7 +1150,7 @@ ] }, "capabilities": { - "description": "List of capabilities that are enabled on the application.\n\n If the list is empty, all capabilities are included.", + "description": "List of capabilities that are enabled on the application.\n\n By default (not set or empty list), all capability files from `./capabilities/` are included,\n by setting values in this entry, you have fine grained control over which capabilities are included\n\n You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`]\n\n ### Example\n\n ```json\n {\n \"app\": {\n \"capabilities\": [\n \"main-window\",\n {\n \"identifier\": \"drag-window\",\n \"permissions\": [\"core:window:allow-start-dragging\"]\n }\n ]\n }\n }\n ```", "default": [], "type": "array", "items": { diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs index 87c002828..bb88ad126 100644 --- a/crates/tauri-utils/src/config.rs +++ b/crates/tauri-utils/src/config.rs @@ -2468,7 +2468,26 @@ pub struct SecurityConfig { pub pattern: PatternKind, /// List of capabilities that are enabled on the application. /// - /// If the list is empty, all capabilities are included. + /// By default (not set or empty list), all capability files from `./capabilities/` are included, + /// by setting values in this entry, you have fine grained control over which capabilities are included + /// + /// You can either reference a capability file defined in `./capabilities/` with its identifier or inline a [`Capability`] + /// + /// ### Example + /// + /// ```json + /// { + /// "app": { + /// "capabilities": [ + /// "main-window", + /// { + /// "identifier": "drag-window", + /// "permissions": ["core:window:allow-start-dragging"] + /// } + /// ] + /// } + /// } + /// ``` #[serde(default)] pub capabilities: Vec, /// The headers, which are added to every http response from tauri to the web view