fix(core): remove trailing slash in http scope url, closes #5208
amrbashir committed May 16, 2023
1 parent 3cc295e commit c892500
Showing 5 changed files with 17 additions and 5 deletions.
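--- a/.changes/config-scope-url.md
+++ b/.changes/config-scope-url.md
@@ -0,0 +1,5 @@
+---
+'tauri-utils': 'patch'
+---
+
+Fix parsing `allowlist > http > scope` urls that added a trailing slash which broke matching the incoming requests url.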
2 changes: 1 addition & 1 deletion core/tauri-config-schema/schema.json
Expand Up @@ -2431,7 +2431,7 @@
"additionalProperties": false
},
"HttpAllowlistScope": {
"description": "HTTP API scope definition. It is a list of URLs that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples: - \"https://**\": allows all HTTPS urls - \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path - \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "HTTP API scope definition. It is a list of URLs that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples: - \"https://*\": allows all HTTPS urls - \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path - \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "array",
"items": {
"type": "string",
4 changes: 3 additions & 1 deletion core/tauri-utils/src/config.rs
Expand Up @@ -1892,11 +1892,13 @@ impl Allowlist for DialogAllowlistConfig {
/// The scoped URL is matched against the request URL using a glob pattern.
///
/// Examples:
/// - "https://**": allows all HTTPS urls
/// - "https://*": allows all HTTPS urls
/// - "https://*.github.com/tauri-apps/tauri": allows any subdomain of "github.com" with the "tauri-apps/api" path
/// - "https://myapi.service.com/users/*": allows access to any URLs that begins with "https://myapi.service.com/users/"
#[allow(rustdoc::bare_urls)]
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize, Serialize)]
// TODO: in v2, parse into a String or a custom type that perserves the
// glob string because Url type will add a trailing slash
#[cfg_attr(feature = "schema", derive(JsonSchema))]
pub struct HttpAllowlistScope(pub Vec<Url>);

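Review bot: The doc comment on `HttpAllowlistScope` does not tell users that a trailing `/` is removed from each scope URL before it is compiled to a glob, which is the behaviour the new TODO refers to; a line such as `/// A trailing slash on a scope URL is removed before matching.` would state it where the allowlist is configured. The TODO has a typo (`perserves` should be `preserves`) and sits between the `#[derive(...)]` and `#[cfg_attr(...)]` attributes; placing it above the attribute group keeps the attributes together. The `*.github.com` example names `tauri-apps/tauri` in the pattern but "tauri-apps/api" in the explanation; that line is unchanged context here but could be corrected in the same edit.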
9 changes: 7 additions & 2 deletions core/tauri/src/scope/http.rs
Expand Up @@ -20,8 +20,13 @@ impl Scope {
.0
.iter()
.map(|url| {
glob::Pattern::new(url.as_str())
.unwrap_or_else(|_| panic!("scoped URL is not a valid glob pattern: `{url}`"))
glob::Pattern::new(
url
.as_str()
.strip_suffix('/')
.unwrap_or_else(|| url.as_str()),
)
.unwrap_or_else(|_| panic!("scoped URL is not a valid glob pattern: `{url}`"))
})
.collect(),
}
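Review bot: The `strip_suffix('/')` added inside the `.map(|url| …)` closure removes any trailing slash, not only the one `Url` appended during parsing, so a scope written as `https://myapi.service.com/users/` is compiled to a pattern ending in `users`; if the request URL is compared as a whole string, that entry would stop matching the slash-terminated URL it was written for. Since these patterns form the HTTP allowlist, a change in what an entry matches should be pinned by a test covering a host-only scope, a scope with an explicit trailing slash and a wildcard scope; this commit adds none. A comment at the call site, e.g. `// Url appends '/' when serializing; strip it so the glob matches the request URL`, would explain why the strip is there. The enclosing function in `impl Scope` and the code that matches the pattern against a request start and end outside this hunk, so the request-side handling should be checked there.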
2 changes: 1 addition & 1 deletion tooling/cli/schema.json
Expand Up @@ -2431,7 +2431,7 @@
"additionalProperties": false
},
"HttpAllowlistScope": {
"description": "HTTP API scope definition. It is a list of URLs that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples: - \"https://**\": allows all HTTPS urls - \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path - \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "HTTP API scope definition. It is a list of URLs that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples: - \"https://*\": allows all HTTPS urls - \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path - \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "array",
"items": {
"type": "string",
