Struct tauri_utils::config::SecurityConfig
source · pub struct SecurityConfig {
pub csp: Option<Csp>,
pub dev_csp: Option<Csp>,
pub freeze_prototype: bool,
pub dangerous_disable_asset_csp_modification: DisabledCspModificationKind,
}
Expand description
Security configuration.
Fields
csp: Option<Csp>
The Content Security Policy that will be injected on all HTML files on the built application.
If dev_csp
is not specified, this value is also injected on dev.
This is a really important part of the configuration since it helps you ensure your WebView is secured. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.
dev_csp: Option<Csp>
The Content Security Policy that will be injected on all HTML files on development.
This is a really important part of the configuration since it helps you ensure your WebView is secured. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.
freeze_prototype: bool
Freeze the Object.prototype
when using the custom protocol.
dangerous_disable_asset_csp_modification: DisabledCspModificationKind
Disables the Tauri-injected CSP sources.
At compile time, Tauri parses all the frontend assets and changes the Content-Security-Policy to only allow loading of your own scripts and styles by injecting nonce and hash sources. This stricts your CSP, which may introduce issues when using along with other flexing sources.
This configuration option allows both a boolean and a list of strings as value. A boolean instructs Tauri to disable the injection for all CSP injections, and a list of strings indicates the CSP directives that Tauri cannot inject.
WARNING: Only disable this if you know what you are doing and have properly configured the CSP. Your application might be vulnerable to XSS attacks without this Tauri protection.
Trait Implementations
sourceimpl Clone for SecurityConfig
impl Clone for SecurityConfig
sourcefn clone(&self) -> SecurityConfig
fn clone(&self) -> SecurityConfig
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more