check the main frame's origin in isolation.js (#10423)

* check the main frame's origin in isolation.js * add changefile * correct changefile tag * use strict origin checking
2024-09-19 20:28:54 +03:00 · 2024-07-31 04:32:32 +09:00 · 2024-07-31 04:32:32 +09:00 · 426d14bb41
commit 426d14bb41
parent 87029310b8
5 changed files with 20 additions and 4 deletions
--- a/.changes/isolation-main-frame-origin.md
+++ b/.changes/isolation-main-frame-origin.md
@ -0,0 +1,6 @@
+---
+"tauri": "patch:sec"
+"tauri-utils": "patch:sec"
+---
+
+Explicitly check that the main frame's origin is the sender of Isolation Payloads
--- a/core/tauri-utils/src/pattern/isolation.js
+++ b/core/tauri-utils/src/pattern/isolation.js
@ -17,6 +17,11 @@
    window.parent.postMessage(message, '*')
  }

+  /**
+   * @type {string} - The main frame origin.
+   */
+  const origin = __TEMPLATE_origin__
+
  /**
   * @type {Uint8Array} - Injected by Tauri during runtime
   */
@ -42,14 +47,14 @@
    algorithm.name = 'AES-GCM'
    algorithm.iv = window.crypto.getRandomValues(new Uint8Array(12))

-    const { contentType, data } = __RAW_process_ipc_message_fn__(payload)
+    const {contentType, data} = __RAW_process_ipc_message_fn__(payload)

    const message =
      typeof data === 'string'
        ? new TextEncoder().encode(data)
        : ArrayBuffer.isView(data) || data instanceof ArrayBuffer
-        ? data
-        : new Uint8Array(data)
+          ? data
+          : new Uint8Array(data)

    return window.crypto.subtle
      .encrypt(algorithm, aesGcmKey, message)
@ -101,7 +106,7 @@
   * @param {MessageEvent<any>} event
   */
  async function payloadHandler(event) {
-    if (!isIsolationPayload(event.data)) {
+    if (event.origin !== origin || !isIsolationPayload(event.data)) {
      return
    }

--- a/core/tauri-utils/src/pattern/isolation.rs
+++ b/core/tauri-utils/src/pattern/isolation.rs
@ -156,6 +156,8 @@ pub struct IsolationJavascriptCodegen {
 pub struct IsolationJavascriptRuntime<'a> {
  /// The key used on the Rust backend and the Isolation Javascript
  pub runtime_aes_gcm_key: &'a [u8; 32],
+  /// The origin the isolation application is expecting messages from.
+  pub origin: String,
  /// The function that processes the IPC message.
  #[raw]
  pub process_ipc_message_fn: &'a str,
--- a/core/tauri/src/manager/webview.rs
+++ b/core/tauri/src/manager/webview.rs
@ -336,6 +336,7 @@ impl<R: Runtime> WebviewManager<R> {
        schema,
        assets.clone(),
        *crypto_keys.aes_gcm().raw(),
+        window_origin,
      );
      pending.register_uri_scheme_protocol(schema, move |request, responder| {
        protocol(request, UriSchemeResponder(responder))
--- a/core/tauri/src/protocol/isolation.rs
+++ b/core/tauri/src/protocol/isolation.rs
@ -20,6 +20,7 @@ pub fn get<R: Runtime>(
  schema: &str,
  assets: Arc<EmbeddedAssets>,
  aes_gcm_key: [u8; 32],
+  window_origin: String,
 ) -> UriSchemeProtocolHandler {
  let frame_src = if cfg!(any(windows, target_os = "android")) {
    format!("http://{schema}.localhost")
@ -45,6 +46,7 @@ pub fn get<R: Runtime>(

          let template = tauri_utils::pattern::isolation::IsolationJavascriptRuntime {
            runtime_aes_gcm_key: &aes_gcm_key,
+            origin: window_origin.clone(),
            process_ipc_message_fn: PROCESS_IPC_MESSAGE_FN,
          };
          match template.render(asset.as_ref(), &Default::default()) {