fix(csp): add wss and tauri to conf template (#1974)

* fix(csp): add wss and tauri to conf template * add change file, update examples/docs Co-authored-by: Lucas Nogueira <lucas@tauri.studio>
2024-11-28 12:27:16 +03:00 · 2021-06-15 18:37:24 +02:00 · 2021-06-15 18:37:24 +02:00 · 463fd00d06
commit 463fd00d06
parent fb1f483a33
17 changed files with 68 additions and 39 deletions
--- a/.changes/template-csp-change.md
+++ b/.changes/template-csp-change.md
@ -0,0 +1,5 @@
 ---
 "cli.rs": patch
 ---
 Change the `csp` value on the template to include `wss:` and `tauri:` to the `default-src` attribute.
--- a/core/tauri/test/fixture/src-tauri/tauri.conf.json
+++ b/core/tauri/test/fixture/src-tauri/tauri.conf.json
@ -17,7 +17,7 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
--- a/docs/api/config.md
+++ b/docs/api/config.md
@ -358,7 +358,7 @@ Instead of launching the app directly, we configure the bundled app to run a scr
    "fullscreen": false
  }],
  "security": {
-    "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+    "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
  }
 }
 ```
--- a/docs/usage/development/integration.md
+++ b/docs/usage/development/integration.md
@ -107,7 +107,7 @@ App directory structure
 App
  tauri.rs - 1.0.0-beta.1
  build-type - bundle
-  CSP - default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'
+  CSP - default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'
  distDir - ../public
  devPath - ../public
  framework - Svelte
--- a/examples/api/src-tauri/tauri.conf.json
+++ b/examples/api/src-tauri/tauri.conf.json
@ -78,10 +78,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
    },
    "systemTray": {
      "iconPath": "../../.icons/icon.png"
    }
  }
-}
+}
--- a/examples/commands/src-tauri/tauri.conf.json
+++ b/examples/commands/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "beforeDevCommand": "",
    "beforeBuildCommand": ""
  },
@ -47,10 +51,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/helloworld/src-tauri/tauri.conf.json
+++ b/examples/helloworld/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "beforeDevCommand": "",
    "beforeBuildCommand": ""
  },
@ -47,10 +51,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/multiwindow/src-tauri/tauri.conf.json
+++ b/examples/multiwindow/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "withGlobalTauri": true
  },
  "tauri": {
@ -39,7 +43,7 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
--- a/examples/navigation/src-tauri/tauri.conf.json
+++ b/examples/navigation/src-tauri/tauri.conf.json
@ -48,10 +48,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/params/src-tauri/tauri.conf.json
+++ b/examples/params/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "beforeDevCommand": "",
    "beforeBuildCommand": ""
  },
@ -47,10 +51,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/splashscreen/src-tauri/tauri.conf.json
+++ b/examples/splashscreen/src-tauri/tauri.conf.json
@ -42,10 +42,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'  img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'  img-src: 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/state/src-tauri/tauri.conf.json
+++ b/examples/state/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "beforeDevCommand": "",
    "beforeBuildCommand": ""
  },
@ -47,10 +51,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/examples/updater/src-tauri/tauri.conf.json
+++ b/examples/updater/src-tauri/tauri.conf.json
@ -1,7 +1,11 @@
 {
  "build": {
-    "distDir": ["../index.html"],
+    "distDir": [
-    "devPath": ["../index.html"],
+      "../index.html"
    ],
    "devPath": [
      "../index.html"
    ],
    "beforeDevCommand": "",
    "beforeBuildCommand": ""
  },
@ -47,7 +51,7 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": true,
@ -58,4 +62,4 @@
      ]
    }
  }
-}
+}
--- a/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json
+++ b/tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json
@ -47,10 +47,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json
+++ b/tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json
@ -47,10 +47,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json
+++ b/tooling/bench/tests/helloworld/src-tauri/tauri.conf.json
@ -47,10 +47,10 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'"
    },
    "updater": {
      "active": false
    }
  }
-}
+}
--- a/tooling/cli.rs/templates/src-tauri/tauri.conf.json
+++ b/tooling/cli.rs/templates/src-tauri/tauri.conf.json
@ -61,7 +61,7 @@
      }
    ],
    "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
    }
  }
 }