From 4bf1c55b0dd43b9cd9edf1b2c500675a70ba049e Mon Sep 17 00:00:00 2001 From: Lucas Fernandes Nogueira Date: Mon, 4 Mar 2024 22:22:49 -0300 Subject: [PATCH] Revert "feat(core): use a strict CSP on the isolation iframe (#9075)" (#9078) --- .changes/strict-isolation-csp.md | 5 ----- core/tauri/src/protocol/isolation.rs | 3 --- examples/api/src-tauri/Cargo.lock | 1 - 3 files changed, 9 deletions(-) delete mode 100644 .changes/strict-isolation-csp.md diff --git a/.changes/strict-isolation-csp.md b/.changes/strict-isolation-csp.md deleted file mode 100644 index 5a415585c..000000000 --- a/.changes/strict-isolation-csp.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"tauri": patch:enhance ---- - -Use a strict content security policy on the isolation pattern HTML. diff --git a/core/tauri/src/protocol/isolation.rs b/core/tauri/src/protocol/isolation.rs index 57a269cc9..f98b8682b 100644 --- a/core/tauri/src/protocol/isolation.rs +++ b/core/tauri/src/protocol/isolation.rs @@ -10,8 +10,6 @@ use std::sync::Arc; use crate::{manager::webview::PROCESS_IPC_MESSAGE_FN, webview::UriSchemeProtocolHandler}; -const CSP: &str = "default-src: 'none'"; - pub fn get(assets: Arc, aes_gcm_key: [u8; 32]) -> UriSchemeProtocolHandler { Box::new(move |request, responder| { let response = match request_to_path(&request).as_str() { @@ -25,7 +23,6 @@ pub fn get(assets: Arc, aes_gcm_key: [u8; 32]) -> UriSchemeProto match template.render(asset.as_ref(), &Default::default()) { Ok(asset) => http::Response::builder() .header(CONTENT_TYPE, mime::TEXT_HTML.as_ref()) - .header("Content-Security-Policy", CSP) .body(asset.into_string().as_bytes().to_vec()), Err(_) => http::Response::builder() .status(http::StatusCode::INTERNAL_SERVER_ERROR) diff --git a/examples/api/src-tauri/Cargo.lock b/examples/api/src-tauri/Cargo.lock index b419ca47a..922ea887e 100644 --- a/examples/api/src-tauri/Cargo.lock +++ b/examples/api/src-tauri/Cargo.lock @@ -3302,7 +3302,6 @@ dependencies = [ "gtk", "http", "jni", - "log", "percent-encoding", "raw-window-handle 0.6.0", "softbuffer",