fix(csp): add 'self' (#1794)

nothingismagick · lucasfernog · web-flow · commit 12268e6e69dc · 2021-05-12T09:45:39.000-03:00
Co-authored-by: Lucas Nogueira &lt;lucas@tauri.studio&gt;
diff --git a/.changes/csp-self.md b/.changes/csp-self.md
@@ -0,0 +1,5 @@
+---
+"cli.rs": patch
+---
+
+Add `'self'` to default CSP because otherwise no joy on macOS.
diff --git a/core/tauri/test/fixture/src-tauri/tauri.conf.json b/core/tauri/test/fixture/src-tauri/tauri.conf.json
@@ -18,7 +18,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/api/src-tauri/tauri.conf.json b/examples/api/src-tauri/tauri.conf.json
@@ -78,7 +78,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
     },
     "systemTray": {
       "iconPath": "../../.icons/icon.png"
diff --git a/examples/commands/src-tauri/tauri.conf.json b/examples/commands/src-tauri/tauri.conf.json
@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/helloworld/src-tauri/tauri.conf.json b/examples/helloworld/src-tauri/tauri.conf.json
@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/multiwindow/src-tauri/tauri.conf.json b/examples/multiwindow/src-tauri/tauri.conf.json
@@ -39,7 +39,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/navigation/src-tauri/tauri.conf.json b/examples/navigation/src-tauri/tauri.conf.json
@@ -48,7 +48,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/params/src-tauri/tauri.conf.json b/examples/params/src-tauri/tauri.conf.json
@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/splashscreen/src-tauri/tauri.conf.json b/examples/splashscreen/src-tauri/tauri.conf.json
@@ -42,7 +42,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'  img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'  img-src: 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/state/src-tauri/tauri.conf.json b/examples/state/src-tauri/tauri.conf.json
@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false
diff --git a/examples/updater/src-tauri/tauri.conf.json b/examples/updater/src-tauri/tauri.conf.json
@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": true,
diff --git a/tooling/cli.rs/templates/src-tauri/tauri.conf.json b/tooling/cli.rs/templates/src-tauri/tauri.conf.json
@@ -61,7 +61,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
     }
   }
 }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"cli.rs": patch
 +---
++
 +Add `'self'` to default CSP because otherwise no joy on macOS.
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`}`
`19`	`19`	`],`
`20`	`20`	`"security": {`
`21`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"`
	`21`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"`
`22`	`22`	`},`
`23`	`23`	`"updater": {`
`24`	`24`	`"active": false`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@`
`78`	`78`	`}`
`79`	`79`	`],`
`80`	`80`	`"security": {`
`81`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"`
	`81`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"`
`82`	`82`	`},`
`83`	`83`	`"systemTray": {`
`84`	`84`	`"iconPath": "../../.icons/icon.png"`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@`
`47`	`47`	`}`
`48`	`48`	`],`
`49`	`49`	`"security": {`
`50`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"`
	`50`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"`
`51`	`51`	`},`
`52`	`52`	`"updater": {`
`53`	`53`	`"active": false`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@`
`39`	`39`	`}`
`40`	`40`	`],`
`41`	`41`	`"security": {`
`42`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"`
	`42`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"`
`43`	`43`	`},`
`44`	`44`	`"updater": {`
`45`	`45`	`"active": false`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@`
`48`	`48`	`}`
`49`	`49`	`],`
`50`	`50`	`"security": {`
`51`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"`
	`51`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"`
`52`	`52`	`},`
`53`	`53`	`"updater": {`
`54`	`54`	`"active": false`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`	`}`
`43`	`43`	`],`
`44`	`44`	`"security": {`
`45`		`- "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"`
	`45`	`+ "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"`
`46`	`46`	`},`
`47`	`47`	`"updater": {`
`48`	`48`	`"active": false`