Struct tauri_utils::config::SecurityConfig

source · 
pub struct SecurityConfig {
    pub csp: Option<Csp>,
    pub dev_csp: Option<Csp>,
    pub freeze_prototype: bool,
    pub dangerous_disable_asset_csp_modification: DisabledCspModificationKind,
    pub dangerous_remote_domain_ipc_access: Vec<RemoteDomainAccessScope>,
    pub dangerous_use_http_scheme: bool,
}
Expand description

Security configuration.

See more: https://tauri.app/v1/api/config#securityconfig

Fields§

§csp: Option<Csp>

The Content Security Policy that will be injected on all HTML files on the built application. If dev_csp is not specified, this value is also injected on dev.

This is a really important part of the configuration since it helps you ensure your WebView is secured. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

§dev_csp: Option<Csp>

The Content Security Policy that will be injected on all HTML files on development.

This is a really important part of the configuration since it helps you ensure your WebView is secured. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

§freeze_prototype: bool

Freeze the Object.prototype when using the custom protocol.

§dangerous_disable_asset_csp_modification: DisabledCspModificationKind

Disables the Tauri-injected CSP sources.

At compile time, Tauri parses all the frontend assets and changes the Content-Security-Policy to only allow loading of your own scripts and styles by injecting nonce and hash sources. This stricts your CSP, which may introduce issues when using along with other flexing sources.

This configuration option allows both a boolean and a list of strings as value. A boolean instructs Tauri to disable the injection for all CSP injections, and a list of strings indicates the CSP directives that Tauri cannot inject.

WARNING: Only disable this if you know what you are doing and have properly configured the CSP. Your application might be vulnerable to XSS attacks without this Tauri protection.

§dangerous_remote_domain_ipc_access: Vec<RemoteDomainAccessScope>

Allow external domains to send command to Tauri.

By default, external domains do not have access to window.__TAURI__, which means they cannot communicate with the commands defined in Rust. This prevents attacks where an externally loaded malicious or compromised sites could start executing commands on the user’s device.

This configuration allows a set of external domains to have access to the Tauri commands. When you configure a domain to be allowed to access the IPC, all subpaths are allowed. Subdomains are not allowed.

WARNING: Only use this option if you either have internal checks against malicious external sites or you can trust the allowed external sites. You application might be vulnerable to dangerous Tauri command related attacks otherwise.

§dangerous_use_http_scheme: bool

Sets whether the custom protocols should use http://<scheme>.localhost instead of the default https://<scheme>.localhost on Windows.

WARNING: Using a http scheme will allow mixed content when trying to fetch http endpoints and is therefore less secure but will match the behavior of the <scheme>://localhost protocols used on macOS and Linux.

Trait Implementations§

source§

impl Clone for SecurityConfig

source§

fn clone(&self) -> SecurityConfig

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for SecurityConfig

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for SecurityConfig

source§

fn default() -> SecurityConfig

Returns the “default value” for a type. Read more
source§

impl<'de> Deserialize<'de> for SecurityConfig

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl PartialEq for SecurityConfig

source§

fn eq(&self, other: &SecurityConfig) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Serialize for SecurityConfig

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
source§

impl Eq for SecurityConfig

source§

impl StructuralPartialEq for SecurityConfig

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,