An unofficial Tauri plugin that enables seamless cross-origin resource sharing (CORS) for web fetch requests within Tauri applications.
Overview
When developing cross-platform desktop applications with Tauri, you may encounter CORS restrictions that prevent direct access to certain web resources, such as OpenAI services. While the official tauri-plugin-http can achieve CORS bypassing, it requires modifying your network requests and may not be compatible with third-party dependencies that rely on the standard fetch
API.
tauri-plugin-cors-fetch
provides a transparent solution by automatically intercepting and modifying outgoing fetch
requests, adding the necessary headers to bypass CORS restrictions. This allows you to continue using the standard fetch
API without the need for additional code changes or workarounds.
Installation
- Add the plugin to your Tauri project's dependencies:
# src-tauri
cargo add tauri-plugin-cors-fetch
- Initialize the plugin in your Tauri application setup:
// src-tauri/main.rs
- Add permissions in your
capabilities
configuration:
// src-tauri/capabilities/default.json
- Enable
withGlobalTauri
in your Tauri configuration:
// src-tauri/tauri.conf.json
Usage
After installing and initializing the plugin, you can start making fetch
requests from your Tauri application without encountering CORS-related errors.
// Enable CORS for the hooked fetch globally (default is true on app start)
window.;
// Use the hooked fetch with CORS support
.
.
.;
// Use the hooked fetch directly
window.;
// Use the original, unhooked fetch
window.;
Note: To allow requests, you may update your Content Security Policy (CSP) to include x-http
and x-https
protocols:
// src-tauri/tauri.conf.json
How it Works
This plugin registers custom x-http
and x-https
protocols for Tauri applications. During webpage initialization, it hooks the browser's native fetch
method and redirects http
and https
requests to the x-http
and x-https
custom protocols. All traffic then goes through local native requests, and the plugin adds CORS-related headers to the response headers, effectively bypassing CORS.
Limitation
- No Custom CSP Policy Support: By default, all HTTP/HTTPS requests will be redirected to local native requests.
- No XMLHttpRequest Support: The plugin is designed specifically to work with the modern
fetch
API and does not supportXMLHttpRequest
(XHR) requests. - No Mobile Platform Support: Only desktop platforms are supported; iOS and Android have not been tested.
License
This project is licensed under the MIT License.