Skip to content

Commit

Permalink
check the main frame's origin in isolation.js (#10423)
Browse files Browse the repository at this point in the history
* check the main frame's origin in isolation.js

* add changefile

* correct changefile tag

* use strict origin checking
  • Loading branch information
chippers authored Jul 30, 2024
1 parent 8702931 commit 426d14b
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 4 deletions.
6 changes: 6 additions & 0 deletions .changes/isolation-main-frame-origin.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"tauri": "patch:sec"
"tauri-utils": "patch:sec"
---

Explicitly check that the main frame's origin is the sender of Isolation Payloads
13 changes: 9 additions & 4 deletions core/tauri-utils/src/pattern/isolation.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@
window.parent.postMessage(message, '*')
}

/**
* @type {string} - The main frame origin.
*/
const origin = __TEMPLATE_origin__

/**
* @type {Uint8Array} - Injected by Tauri during runtime
*/
Expand All @@ -42,14 +47,14 @@
algorithm.name = 'AES-GCM'
algorithm.iv = window.crypto.getRandomValues(new Uint8Array(12))

const { contentType, data } = __RAW_process_ipc_message_fn__(payload)
const {contentType, data} = __RAW_process_ipc_message_fn__(payload)

const message =
typeof data === 'string'
? new TextEncoder().encode(data)
: ArrayBuffer.isView(data) || data instanceof ArrayBuffer
? data
: new Uint8Array(data)
? data
: new Uint8Array(data)

return window.crypto.subtle
.encrypt(algorithm, aesGcmKey, message)
Expand Down Expand Up @@ -101,7 +106,7 @@
* @param {MessageEvent<any>} event
*/
async function payloadHandler(event) {
if (!isIsolationPayload(event.data)) {
if (event.origin !== origin || !isIsolationPayload(event.data)) {
return
}

Expand Down
2 changes: 2 additions & 0 deletions core/tauri-utils/src/pattern/isolation.rs
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,8 @@ pub struct IsolationJavascriptCodegen {
pub struct IsolationJavascriptRuntime<'a> {
/// The key used on the Rust backend and the Isolation Javascript
pub runtime_aes_gcm_key: &'a [u8; 32],
/// The origin the isolation application is expecting messages from.
pub origin: String,
/// The function that processes the IPC message.
#[raw]
pub process_ipc_message_fn: &'a str,
Expand Down
1 change: 1 addition & 0 deletions core/tauri/src/manager/webview.rs
Original file line number Diff line number Diff line change
Expand Up @@ -336,6 +336,7 @@ impl<R: Runtime> WebviewManager<R> {
schema,
assets.clone(),
*crypto_keys.aes_gcm().raw(),
window_origin,
);
pending.register_uri_scheme_protocol(schema, move |request, responder| {
protocol(request, UriSchemeResponder(responder))
Expand Down
2 changes: 2 additions & 0 deletions core/tauri/src/protocol/isolation.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ pub fn get<R: Runtime>(
schema: &str,
assets: Arc<EmbeddedAssets>,
aes_gcm_key: [u8; 32],
window_origin: String,
) -> UriSchemeProtocolHandler {
let frame_src = if cfg!(any(windows, target_os = "android")) {
format!("http://{schema}.localhost")
Expand All @@ -45,6 +46,7 @@ pub fn get<R: Runtime>(

let template = tauri_utils::pattern::isolation::IsolationJavascriptRuntime {
runtime_aes_gcm_key: &aes_gcm_key,
origin: window_origin.clone(),
process_ipc_message_fn: PROCESS_IPC_MESSAGE_FN,
};
match template.render(asset.as_ref(), &Default::default()) {
Expand Down

0 comments on commit 426d14b

Please sign in to comment.