* fix(core): SHA256 hash for JS scripts CSP on Windows
we hash JS scripts as SHA256 for the Content-Security-Policy (CSP) header. The isolation pattern is broken on Windows due to the hash including carriage return characters, which are not processed when the webview checks the script hash to see if the CSP allows the script.
* fmt, clippy
* fix(core): capability filtering crashing allowed command generation
tauri-plugin and tauri build scripts cannot have access to the capabilities file (generated by tauri-build) and can only infer capabilities from the config path
* cleanup
* unused import
* followup
* fix reassign
* mut
* Update crates/tauri-utils/src/acl/build.rs
Co-authored-by: Tony <68118705+Legend-Master@users.noreply.github.com>
---------
Co-authored-by: Tony <68118705+Legend-Master@users.noreply.github.com>
* refactor: put dynamic acl to a feature
* Add change file
* Tweak remove_unused_commands's docs
* License header
* Document the feature
* Merge remote-tracking branch 'upstream/dev' into dynamic-acl-feature
* Use a inner non generic fn for add_capability
* Clippy and macro stability notice
* Merge remote-tracking branch 'upstream/dev' into dynamic-acl-feature
* Format
* Add a new option to remove unused commands
* Fix compile
* Add markers to all core plugins
* Clippy
* Add allow unused when running with this
* Use build script to generate allowed-commands.json
* Clean up and add proper reruns
* Wrong path
* Revert to #[cfg_attr(not(debug_assertions), allow(unused))]
* Add change files
* Some more docs
* Add version requirement note
* Avoid rerun if no capabilities folder
* Remove unused box
* small cleanup
* fix channel
* implement for app handler too
* rely on core:default for channel perms
* Move this feature to config
* Docs change
* Forget one last remove_unused_commands
* Remove removeUnusedCommands from helloworld
* tell handler that the app ACL manifest exists
* update change file
* update doc
* update change file
* Use a struct to pass the data instead of env var
* Clippy
* Fix can't exclude inlined plugins on Windows
due to UNC paths...
* Apply suggestion from code review
* Remove remove on empty to tauri-build
* Revert "Remove remove on empty to tauri-build"
This reverts commit b727dd621e.
* Centralize remove_file(allowed_commands_file_path)
* Escape glob pattern
* update change file
* remove unused commands for dev too
* Update crates/tauri-utils/src/config.rs
Co-authored-by: Fabian-Lars <github@fabianlars.de>
* regen schema
---------
Co-authored-by: Lucas Nogueira <lucas@tauri.app>
Co-authored-by: Fabian-Lars <github@fabianlars.de>
* remove dbg! in resources test
* use methods from `fs` and `env` qualified
* share `ACL_MANIFESTS_FILE_NAME` and `CAPABILITIES_FILE_NAME` consts across crates
* simplifiy `Manifest::new` code for better readability
* move reading global api scripts logic next to the function that defines it
* [tauri-build] move acl logic from lib.rs to acl.rs
* use const value for schema instead of enum value with a single variant
* remove unnecessary info from permissions hover
* move related functions next to each other & improve readability of others
* use methods from `fs` and `env` qualified
* fix warning, unused return in test
* document some functions
* improve generated schema for better scope schema completion, simplify, reorganize and document the logic
previously if you had `fs` and `http` plugins added in a project
and then try to write an extended permission for `fs:allow-app-meta`
```json
{
"identifier": "fs:allow-app-meta",
"allow": [ <here> ]
}
```
and even though identifier is from `fs` plugin,
the JSON schema suggests `path` and `url`.
Now it will only suggest relevant field which is `path`
* resolve permissions from other plugins, generate `core:default` as a normal set instead of special logic
* move `PERMISSION_SCHEMAS_FOLDER_NAME` to acl module
* use gneric trait because of MSRV
* ensure `gen/schemas` dir is created
* clippy
