From 8ce5b7626478db5c4767e894d005fafb79aa5a7f Mon Sep 17 00:00:00 2001
From: Lucas Nogueira
Date: Fri, 10 Jun 2022 15:54:26 -0300
Subject: [PATCH] fix: scope check when using the HTTP API to upload files closes #4312
---
 .changes/fix-http-multipart-file-validation.md | 5 +++++
 core/tauri/src/endpoints/http.rs | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 .changes/fix-http-multipart-file-validation.md
diff --git a/.changes/fix-http-multipart-file-validation.md b/.changes/fix-http-multipart-file-validation.md
new file mode 100644
index 00000000000..5701d0d63b8
--- /dev/null
+++ b/.changes/fix-http-multipart-file-validation.md
@@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+Fixes filesystem scope check when using the HTTP API to upload files.
diff --git a/core/tauri/src/endpoints/http.rs b/core/tauri/src/endpoints/http.rs
index 05a7d4e44b7..de3fe05b04c 100644
--- a/core/tauri/src/endpoints/http.rs
+++ b/core/tauri/src/endpoints/http.rs
@@ -103,7 +103,7 @@ impl Cmd {
 } = value { if crate::api::file::SafePathBuf::new(path.clone()).is_err()
- || scopes.fs.is_allowed(&path)
+ || !scopes.fs.is_allowed(&path)
 { return Err(crate::Error::PathNotAllowed(path.clone()).into_anyhow()); }
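Review bot: The rejection condition on the changed line in `core/tauri/src/endpoints/http.rs` still mixes a negative test (`is_err()`) with a negated positive one (`!scopes.fs.is_allowed(&path)`), which is the shape that let the inverted scope check slip through in the first place; stating the allow rule once is harder to get backwards, e.g. `let allowed = crate::api::file::SafePathBuf::new(path.clone()).is_ok() && scopes.fs.is_allowed(&path);` followed by `if !allowed {`. A one-line comment above it such as `// deny unless the path passes SafePathBuf validation and is inside the configured fs scope` would pin the intent for the next reader. Because this guard appears to decide which local files a request may attach to an outgoing HTTP body, a regression test that expects `PathNotAllowed` for an out-of-scope path and success for an in-scope one seems warranted, and none is part of this patch. The enclosing pattern match and function start and end outside the hunk, so how `path` is used after the check cannot be confirmed from here.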