From 463fd00d06241c734994fe8e1882788dc30cc993 Mon Sep 17 00:00:00 2001 From: nothingismagick Date: Tue, 15 Jun 2021 18:37:24 +0200 Subject: [PATCH] fix(csp): add wss and tauri to conf template (#1974) * fix(csp): add wss and tauri to conf template * add change file, update examples/docs Co-authored-by: Lucas Nogueira --- .changes/template-csp-change.md | 5 +++++ core/tauri/test/fixture/src-tauri/tauri.conf.json | 2 +- docs/api/config.md | 2 +- docs/usage/development/integration.md | 2 +- examples/api/src-tauri/tauri.conf.json | 4 ++-- examples/commands/src-tauri/tauri.conf.json | 12 ++++++++---- examples/helloworld/src-tauri/tauri.conf.json | 12 ++++++++---- examples/multiwindow/src-tauri/tauri.conf.json | 10 +++++++--- examples/navigation/src-tauri/tauri.conf.json | 4 ++-- examples/params/src-tauri/tauri.conf.json | 12 ++++++++---- examples/splashscreen/src-tauri/tauri.conf.json | 4 ++-- examples/state/src-tauri/tauri.conf.json | 12 ++++++++---- examples/updater/src-tauri/tauri.conf.json | 12 ++++++++---- .../tests/cpu_intensive/src-tauri/tauri.conf.json | 4 ++-- .../tests/files_transfer/src-tauri/tauri.conf.json | 4 ++-- .../bench/tests/helloworld/src-tauri/tauri.conf.json | 4 ++-- tooling/cli.rs/templates/src-tauri/tauri.conf.json | 2 +- 17 files changed, 68 insertions(+), 39 deletions(-) create mode 100644 .changes/template-csp-change.md diff --git a/.changes/template-csp-change.md b/.changes/template-csp-change.md new file mode 100644 index 000000000..be04ca81b --- /dev/null +++ b/.changes/template-csp-change.md @@ -0,0 +1,5 @@ +--- +"cli.rs": patch +--- + +Change the `csp` value on the template to include `wss:` and `tauri:` to the `default-src` attribute. diff --git a/core/tauri/test/fixture/src-tauri/tauri.conf.json b/core/tauri/test/fixture/src-tauri/tauri.conf.json index 092ffa9b9..f5ecf03b2 100644 --- a/core/tauri/test/fixture/src-tauri/tauri.conf.json +++ b/core/tauri/test/fixture/src-tauri/tauri.conf.json @@ -17,7 +17,7 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false diff --git a/docs/api/config.md b/docs/api/config.md index 8643e02b9..8f4082ed8 100644 --- a/docs/api/config.md +++ b/docs/api/config.md @@ -358,7 +358,7 @@ Instead of launching the app directly, we configure the bundled app to run a scr "fullscreen": false }], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" } } ``` diff --git a/docs/usage/development/integration.md b/docs/usage/development/integration.md index 6b252cebb..4fba6f64b 100644 --- a/docs/usage/development/integration.md +++ b/docs/usage/development/integration.md @@ -107,7 +107,7 @@ App directory structure App tauri.rs - 1.0.0-beta.1 build-type - bundle - CSP - default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self' + CSP - default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self' distDir - ../public devPath - ../public framework - Svelte diff --git a/examples/api/src-tauri/tauri.conf.json b/examples/api/src-tauri/tauri.conf.json index fde515735..59112bef2 100644 --- a/examples/api/src-tauri/tauri.conf.json +++ b/examples/api/src-tauri/tauri.conf.json @@ -78,10 +78,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" }, "systemTray": { "iconPath": "../../.icons/icon.png" } } -} +} \ No newline at end of file diff --git a/examples/commands/src-tauri/tauri.conf.json b/examples/commands/src-tauri/tauri.conf.json index 588d5e264..b140b2f57 100644 --- a/examples/commands/src-tauri/tauri.conf.json +++ b/examples/commands/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "beforeDevCommand": "", "beforeBuildCommand": "" }, @@ -47,10 +51,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/helloworld/src-tauri/tauri.conf.json b/examples/helloworld/src-tauri/tauri.conf.json index d43bffaed..716494fa7 100644 --- a/examples/helloworld/src-tauri/tauri.conf.json +++ b/examples/helloworld/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "beforeDevCommand": "", "beforeBuildCommand": "" }, @@ -47,10 +51,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/multiwindow/src-tauri/tauri.conf.json b/examples/multiwindow/src-tauri/tauri.conf.json index 90d9e52bc..6f53a64d2 100644 --- a/examples/multiwindow/src-tauri/tauri.conf.json +++ b/examples/multiwindow/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "withGlobalTauri": true }, "tauri": { @@ -39,7 +43,7 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false diff --git a/examples/navigation/src-tauri/tauri.conf.json b/examples/navigation/src-tauri/tauri.conf.json index ba3677072..6064e83bb 100644 --- a/examples/navigation/src-tauri/tauri.conf.json +++ b/examples/navigation/src-tauri/tauri.conf.json @@ -48,10 +48,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/params/src-tauri/tauri.conf.json b/examples/params/src-tauri/tauri.conf.json index 588d5e264..b140b2f57 100644 --- a/examples/params/src-tauri/tauri.conf.json +++ b/examples/params/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "beforeDevCommand": "", "beforeBuildCommand": "" }, @@ -47,10 +51,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/splashscreen/src-tauri/tauri.conf.json b/examples/splashscreen/src-tauri/tauri.conf.json index 065c945b9..c0fa7670f 100644 --- a/examples/splashscreen/src-tauri/tauri.conf.json +++ b/examples/splashscreen/src-tauri/tauri.conf.json @@ -42,10 +42,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/state/src-tauri/tauri.conf.json b/examples/state/src-tauri/tauri.conf.json index 588d5e264..b140b2f57 100644 --- a/examples/state/src-tauri/tauri.conf.json +++ b/examples/state/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "beforeDevCommand": "", "beforeBuildCommand": "" }, @@ -47,10 +51,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/examples/updater/src-tauri/tauri.conf.json b/examples/updater/src-tauri/tauri.conf.json index 95734e51f..4ede5debd 100644 --- a/examples/updater/src-tauri/tauri.conf.json +++ b/examples/updater/src-tauri/tauri.conf.json @@ -1,7 +1,11 @@ { "build": { - "distDir": ["../index.html"], - "devPath": ["../index.html"], + "distDir": [ + "../index.html" + ], + "devPath": [ + "../index.html" + ], "beforeDevCommand": "", "beforeBuildCommand": "" }, @@ -47,7 +51,7 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": true, @@ -58,4 +62,4 @@ ] } } -} +} \ No newline at end of file diff --git a/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json b/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json index 92babadc8..bce9c77b8 100644 --- a/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json +++ b/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json @@ -47,10 +47,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json b/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json index 92babadc8..bce9c77b8 100644 --- a/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json +++ b/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json @@ -47,10 +47,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json b/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json index 92babadc8..bce9c77b8 100644 --- a/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json +++ b/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json @@ -47,10 +47,10 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'" }, "updater": { "active": false } } -} +} \ No newline at end of file diff --git a/tooling/cli.rs/templates/src-tauri/tauri.conf.json b/tooling/cli.rs/templates/src-tauri/tauri.conf.json index 72d94f1d0..3c6a77003 100644 --- a/tooling/cli.rs/templates/src-tauri/tauri.conf.json +++ b/tooling/cli.rs/templates/src-tauri/tauri.conf.json @@ -61,7 +61,7 @@ } ], "security": { - "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" + "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'" } } }