feat(core): set CORS headers on protocol errors (#8419)

lucasfernog · web-flow · commit 11a1529d6ace · 2023-12-18T20:54:40.000-03:00
* feat(core): set CORS headers on protocol errors

This ensures the frontend can read the error message instead of just showing a CORS error

* fix statuscode
diff --git a/.changes/fix-protocol-response.md b/.changes/fix-protocol-response.md
@@ -0,0 +1,5 @@
+---
+"tauri": patch:enhance
+---
+
+Include CORS header on custom protocol response errors to ensure frontend can read the error message.
diff --git a/core/tauri/src/protocol/asset.rs b/core/tauri/src/protocol/asset.rs
@@ -19,6 +19,7 @@ pub fn get(scope: scope::fs::Scope, window_origin: String) -> UriSchemeProtocolH
         http::Response::builder()
           .status(http::StatusCode::BAD_REQUEST)
           .header(CONTENT_TYPE, mime::TEXT_PLAIN.essence_str())
+          .header("Access-Control-Allow-Origin", &window_origin)
           .body(e.to_string().as_bytes().to_vec())
           .unwrap(),
       ),
@@ -36,24 +37,18 @@ fn get_response(
     .decode_utf8_lossy()
     .to_string();
 
+  let mut resp = Response::builder().header("Access-Control-Allow-Origin", window_origin);
+
   if let Err(e) = SafePathBuf::new(path.clone().into()) {
     debug_eprintln!("asset protocol path \"{}\" is not valid: {}", path, e);
-    return Response::builder()
-      .status(403)
-      .body(Vec::new().into())
-      .map_err(Into::into);
+    return resp.status(403).body(Vec::new().into()).map_err(Into::into);
   }
 
   if !scope.is_allowed(&path) {
     debug_eprintln!("asset protocol not configured to allow the path: {}", path);
-    return Response::builder()
-      .status(403)
-      .body(Vec::new().into())
-      .map_err(Into::into);
+    return resp.status(403).body(Vec::new().into()).map_err(Into::into);
   }
 
-  let mut resp = Response::builder().header("Access-Control-Allow-Origin", window_origin);
-
   let (mut file, len, mime_type, read_bytes) = crate::async_runtime::safe_block_on(async move {
     let mut file = File::open(&path).await?;
 
diff --git a/core/tauri/src/protocol/tauri.rs b/core/tauri/src/protocol/tauri.rs
@@ -57,6 +57,7 @@ pub fn get<R: Runtime>(
         HttpResponse::builder()
           .status(StatusCode::BAD_REQUEST)
           .header(CONTENT_TYPE, mime::TEXT_PLAIN.essence_str())
+          .header("Access-Control-Allow-Origin", &window_origin)
           .body(e.to_string().as_bytes().to_vec())
           .unwrap(),
       ),
