Skip to content

Commit

Permalink
fix(core): change default freezePrototype to false, closes #3416 #3406
Browse files Browse the repository at this point in the history
  • Loading branch information
lucasfernog authored Feb 12, 2022
1 parent c010360 commit 3a4c016
Show file tree
Hide file tree
Showing 5 changed files with 15 additions and 22 deletions.
6 changes: 6 additions & 0 deletions .changes/fix-default-freeze-prototype.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"tauri": patch
"tauri-utils": patch
---

Change default value for the `freezePrototype` configuration to `false`.
2 changes: 1 addition & 1 deletion core/tauri-codegen/src/embedded_assets.rs
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ impl AssetOptions {
Self {
csp: false,
pattern,
freeze_prototype: true,
freeze_prototype: false,
#[cfg(feature = "isolation")]
isolation_schema: format!("isolation-{}", uuid::Uuid::new_v4()),
}
Expand Down
20 changes: 3 additions & 17 deletions core/tauri-utils/src/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -573,7 +573,7 @@ fn default_file_drop_enabled() -> bool {

/// Security configuration.
#[skip_serializing_none]
#[derive(Debug, PartialEq, Clone, Deserialize, Serialize)]
#[derive(Debug, Default, PartialEq, Clone, Deserialize, Serialize)]
#[cfg_attr(feature = "schema", derive(JsonSchema))]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct SecurityConfig {
Expand All @@ -589,24 +589,10 @@ pub struct SecurityConfig {
/// See <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP>.
pub dev_csp: Option<String>,
/// Freeze the `Object.prototype` when using the custom protocol.
#[serde(default = "default_freeze_prototype")]
#[serde(default)]
pub freeze_prototype: bool,
}

impl Default for SecurityConfig {
fn default() -> Self {
Self {
csp: None,
dev_csp: None,
freeze_prototype: default_freeze_prototype(),
}
}
}

fn default_freeze_prototype() -> bool {
true
}

/// Defines an allowlist type.
pub trait Allowlist {
/// Returns all features associated with the allowlist struct.
Expand Down Expand Up @@ -2558,7 +2544,7 @@ mod test {
security: SecurityConfig {
csp: None,
dev_csp: None,
freeze_prototype: true,
freeze_prototype: false,
},
allowlist: AllowlistConfig::default(),
system_tray: None,
Expand Down
3 changes: 2 additions & 1 deletion examples/api/src-tauri/tauri.conf.json
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,8 @@
}
],
"security": {
"csp": "default-src 'self' customprotocol: img-src: 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; img-src 'self' asset: https://asset.localhost blob: data:; font-src https://fonts.gstatic.com"
"csp": "default-src 'self' customprotocol: img-src: 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; img-src 'self' asset: https://asset.localhost blob: data:; font-src https://fonts.gstatic.com",
"freezePrototype": true
},
"systemTray": {
"iconPath": "../../.icons/tray_icon_with_transparency.png",
Expand Down
6 changes: 3 additions & 3 deletions tooling/cli/schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@
"use": "brownfield"
},
"security": {
"freezePrototype": true
"freezePrototype": false
},
"updater": {
"active": false,
Expand Down Expand Up @@ -1294,7 +1294,7 @@
},
"freezePrototype": {
"description": "Freeze the `Object.prototype` when using the custom protocol.",
"default": true,
"default": false,
"type": "boolean"
}
},
Expand Down Expand Up @@ -1609,7 +1609,7 @@
"security": {
"description": "Security configuration.",
"default": {
"freezePrototype": true
"freezePrototype": false
},
"allOf": [
{
Expand Down

0 comments on commit 3a4c016

Please sign in to comment.