mirror of
https://github.com/tauri-apps/tauri.git
synced 2024-08-16 11:20:28 +03:00
chore(linux): remove CSP tag on custom protocol response (#8984)
parent
6cb601d42e
commit
bc5b5e671a
7
.changes/csp-header-linux.md
Normal file
7
.changes/csp-header-linux.md
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
"tauri": patch:enhance
|
||||
"tauri-utils": patch:enhance
|
||||
"tauri-codegen": patch:enhance
|
||||
---
|
||||
|
||||
Do not include a CSP tag in the application HTML and rely on the custom protocol response header instead.
|
@ -40,7 +40,6 @@ pub struct ContextData {
|
||||
|
||||
fn map_core_assets(
|
||||
options: &AssetOptions,
|
||||
target: Target,
|
||||
) -> impl Fn(&AssetKey, &Path, &mut Vec<u8>, &mut CspHashes) -> Result<(), EmbeddedAssetsError> {
|
||||
#[cfg(feature = "isolation")]
|
||||
let pattern = tauri_utils::html::PatternObject::from(&options.pattern);
|
||||
@ -53,10 +52,6 @@ fn map_core_assets(
|
||||
if csp {
|
||||
let document = parse_html(String::from_utf8_lossy(input).into_owned());
|
||||
|
||||
if target == Target::Linux {
|
||||
::tauri_utils::html::inject_csp_token(&document);
|
||||
}
|
||||
|
||||
inject_nonce_token(&document, &dangerous_disable_asset_csp_modification);
|
||||
|
||||
if dangerous_disable_asset_csp_modification.can_modify("script-src") {
|
||||
@ -176,7 +171,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
|
||||
path
|
||||
)
|
||||
}
|
||||
EmbeddedAssets::new(assets_path, &options, map_core_assets(&options, target))?
|
||||
EmbeddedAssets::new(assets_path, &options, map_core_assets(&options))?
|
||||
}
|
||||
FrontendDist::Files(files) => EmbeddedAssets::new(
|
||||
files
|
||||
@ -184,7 +179,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
|
||||
.map(|p| config_parent.join(p))
|
||||
.collect::<Vec<_>>(),
|
||||
&options,
|
||||
map_core_assets(&options, target),
|
||||
map_core_assets(&options),
|
||||
)?,
|
||||
_ => unimplemented!(),
|
||||
},
|
||||
|
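Review bot: With the `if target == Target::Linux` branch dropped from the `if csp {` block, nothing in `map_core_assets` records that embedded HTML no longer carries a CSP `<meta>` fallback on Linux and that the policy now reaches the webview only through the custom protocol's `Content-Security-Policy` response header. I would add a comment above `inject_nonce_token(...)`, for example `// No CSP <meta> tag is injected: on every platform the policy is delivered by the custom protocol response header.` Presumably the meta tag existed because some WebKitGTK versions did not apply headers on custom-protocol responses; if any still-supported version behaves that way the page would load with no policy at all, so the minimum WebKitGTK version is worth confirming and stating next to that comment. The same reliance applies to the runtime substitution removed from `get_response` further down the page. The body of `map_core_assets` continues outside these hunks.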
@ -2854,7 +2854,6 @@ fn handle_user_message<T: UserEvent>(
|
||||
}
|
||||
// Getters
|
||||
WebviewMessage::Url(tx) => {
|
||||
println!("url getter");
|
||||
tx.send(webview.url().parse().unwrap()).unwrap();
|
||||
}
|
||||
WebviewMessage::Position(tx) => {
|
||||
|
@ -23,8 +23,6 @@ use crate::config::{DisabledCspModificationKind, PatternKind};
|
||||
#[cfg(feature = "isolation")]
|
||||
use crate::pattern::isolation::IsolationJavascriptCodegen;
|
||||
|
||||
/// The token used on the CSP tag content.
|
||||
pub const CSP_TOKEN: &str = "__TAURI_CSP__";
|
||||
/// The token used for script nonces.
|
||||
pub const SCRIPT_NONCE_TOKEN: &str = "__TAURI_SCRIPT_NONCE__";
|
||||
/// The token used for style nonces.
|
||||
@ -168,11 +166,6 @@ pub fn inject_csp(document: &NodeRef, csp: &str) {
|
||||
});
|
||||
}
|
||||
|
||||
/// Injects a content security policy token to the HTML.
|
||||
pub fn inject_csp_token(document: &NodeRef) {
|
||||
inject_csp(document, CSP_TOKEN)
|
||||
}
|
||||
|
||||
fn create_csp_meta_tag(csp: &str) -> NodeRef {
|
||||
NodeRef::new_element(
|
||||
QualName::new(None, ns!(html), LocalName::from("meta")),
|
||||
@ -298,12 +291,12 @@ mod tests {
|
||||
];
|
||||
for html in htmls {
|
||||
let document = kuchiki::parse_html().one(html);
|
||||
super::inject_csp_token(&document);
|
||||
let csp = "csp-string";
|
||||
super::inject_csp(&document, csp);
|
||||
assert_eq!(
|
||||
document.to_string(),
|
||||
format!(
|
||||
r#"<html><head><meta http-equiv="Content-Security-Policy" content="{}"></head><body></body></html>"#,
|
||||
super::CSP_TOKEN
|
||||
r#"<html><head><meta http-equiv="Content-Security-Policy" content="{csp}"></head><body></body></html>"#,
|
||||
)
|
||||
);
|
||||
}
|
||||
|
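Review bot: `pub const CSP_TOKEN` and `pub fn inject_csp_token` are removed from the crate's public surface here, while the change file on this page records `"tauri-utils": patch:enhance`. If anything outside this repository references either item, a patch-level update will stop compiling, so it is worth confirming the bump level or keeping both for one release behind `#[deprecated]`. The rewritten test now pins `inject_csp` only with the benign literal `"csp-string"`; the body of `mod tests` continues outside the hunk.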
@ -164,14 +164,6 @@ fn get_response<R: Runtime>(
|
||||
if let Some(handler) = &web_resource_request_handler {
|
||||
handler(request, &mut response);
|
||||
}
|
||||
// if it's an HTML file, we need to set the CSP meta tag on Linux
|
||||
#[cfg(target_os = "linux")]
|
||||
if let Some(response_csp) = response.headers().get("Content-Security-Policy") {
|
||||
let response_csp = String::from_utf8_lossy(response_csp.as_bytes());
|
||||
let html = String::from_utf8_lossy(response.body());
|
||||
let body = html.replacen(tauri_utils::html::CSP_TOKEN, &response_csp, 1);
|
||||
*response.body_mut() = body.as_bytes().to_vec().into();
|
||||
}
|
||||
|
||||
Ok(response)
|
||||
}
|
||||
|