Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bug] HttpAllowlistScope to allow all ports on localhost #5208

Closed
abeggchr opened this issue Sep 16, 2022 · 3 comments
Closed

[bug] HttpAllowlistScope to allow all ports on localhost #5208

abeggchr opened this issue Sep 16, 2022 · 3 comments
Labels
status: needs triage This issue needs to triage, applied to new issues type: bug

Comments

@abeggchr
Copy link

Describe the bug

It does not seem to be possible to configure a scope under allowlist > http which allows all ports on localhost.

Reproduction

  1. In tauri.conf.json under tauri > allowlist > http > scope add an empty array.
  2. Insert scope value "http://**" in the empty array.
  3. Start Tauri
  4. In the application, make a HTTP request to http://localhost:8080/api
  5. The request is successful
  6. Change scope value to "http://localhost:**", start Tauri
  7. Behavior: Tauri does not start with error message Malformed URI: invalid port number
  8. Change scope value to "http://localhost", start Tauri
  9. Behavior: the request fails because url not allowed on the configured scope: http://localhost:8080/api"

Expected behavior

It should be possible to configure a scope under allowlist > http which allows all ports on localhost so that Tauri starts and requests can be executed.

Platform and versions

Environment
› OS: Windows 10.0.22000 X64
› Webview2: 105.0.1343.33
› MSVC:
- Visual Studio Professional 2022
- Visual Studio Build Tools 2017
› Node.js: 16.16.0
› npm: 8.18.0
› pnpm: 6.11.0
› yarn: 1.22.15
› rustup: 1.25.1
› rustc: 1.63.0
› cargo: 1.63.0
› Rust toolchain: stable-x86_64-pc-windows-msvc

Packages
› @tauri-apps/cli [NPM]: 1.0.5 (outdated, latest: 1.1.0)
› @tauri-apps/api [NPM]: 1.0.2 (outdated, latest: 1.1.0)
› tauri [RUST]: 1.0.5,
› tauri-build [RUST]: 1.0.4,
› tao [RUST]: 0.12.2,
› wry [RUST]: 0.19.0,

App
› build-type: bundle
› CSP: unset
› distDir: ../dist
› devPath: http://localhost:5173/
› framework: React

App directory structure
├─ .idea
├─ dist
├─ node_modules
├─ public
├─ src
└─ src-tauri

Stack trace

No response

Additional context

Trying to allow all local ports because port is assigned dynamically.

@abeggchr abeggchr added status: needs triage This issue needs to triage, applied to new issues type: bug labels Sep 16, 2022
@amrbashir
Copy link
Member

http://localhost:** can't be deserialized into a Url struct so you need to use https://localhost**

@amrbashir amrbashir closed this as not planned Won't fix, can't repro, duplicate, stale Sep 16, 2022
@FabianLars
Copy link
Member

It actually fails before that already in the schema validation, so we couldn't really handle that manually in rust even if we wanted to :/

@VassilisM
Copy link

Hi, https://localhost** also fails...
thread 'main' panicked at 'scoped URL is not a valid glob pattern: https://localhost**/', ...

@amrbashir amrbashir reopened this May 9, 2023
lucasfernog added a commit that referenced this issue May 30, 2023
Co-authored-by: wusyong <[email protected]>
Co-authored-by: Fabian-Lars <[email protected]>
Co-authored-by: Lucas Nogueira <[email protected]>
Co-authored-by: Simon Hyll <[email protected]>
Co-authored-by: Lucas Fernandes Nogueira <[email protected]>
Co-authored-by: Lucas Nogueira <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Lucas Fernandes Nogueira <[email protected]>
Co-authored-by: Amr Bashir <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: chip <[email protected]>
Co-authored-by: Raphii <[email protected]>
Co-authored-by: Ronie Martinez <[email protected]>
Co-authored-by: hanaTsuk1 <[email protected]>
Co-authored-by: nathan-fall <[email protected]>
Co-authored-by: Akshay <[email protected]>
Co-authored-by: KurikoMoe <[email protected]>
Co-authored-by: Guilherme Oenning <[email protected]>
Co-authored-by: Pierre Cashon <[email protected]>
Co-authored-by: Jack Wills <[email protected]>
Co-authored-by: Amirhossein Akhlaghpour <[email protected]>
Co-authored-by: Risto Stevcev <[email protected]>
Co-authored-by: Soumt <[email protected]>
Co-authored-by: yutotnh <[email protected]>
Co-authored-by: Gökçe Merdun <[email protected]>
Co-authored-by: Nathanael Rea <[email protected]>
Co-authored-by: Usman Rajab <[email protected]>
Co-authored-by: Francis The Basilisk <[email protected]>
Co-authored-by: Lej77 <[email protected]>
Co-authored-by: Tomáš Diblík <[email protected]>
Co-authored-by: Jonas Kruckenberg <[email protected]>
Co-authored-by: Pascal Sommer <[email protected]>
Co-authored-by: Bo <[email protected]>
Co-authored-by: Kevin Yue <[email protected]>
fixed grammar and typos (#6937)
Fix api.js docs pipeline with updated typedoc dependencies (#6945)
closes #6887 (#6922)
fix(core): Fix `WindowBuilder::on_navigation` handler never registerd, closes #6865 (#6921)
fix(core): Fix `WindowBuilder::on_navigation` handler never registerd, closes #6865
fix broken symlinks in license files (#6336)
fix(cli): fix cli connection timeout to dev server (fix #6045) (#6046)
fix(bundler): ensure that there are no duplicate extension arguments when bundling on Windows, fixes #6103 (#6917)
fix(bundler): ensure that there are no duplicate extension arguments during bundling on Windows (fix #6103)
closes #5491 (#6408)
fix(nsis): prefill $INSTDIR with previous install path and respect `/D` flag, closes #6928 (#6935)
fix(nsis): prefill $INSTDIR with previous install path and respect `/D` flag, closes #6928
fix(updater): emit `UPTODATE` when server responds with 204, closes #6934 (#6970)
fix(core): unpin all dependencies, closes #6944 (#6966)
fix(bundler): Add new lang_file option in persian variant. (#6972)
fix(core/ipc): access url through webview native object, closes #6889 (#6976)
fix(core): remove trailing slash in http scope url, closes #5208 (#6974)
fix(core): remove trailing slash in http scope url, closes #5208
fix(cli): find correct binary when `--profile` is used, closes #6954 (#6979)
fix(cli): find correct binary when `--profile` is used, closes #6954
closes #6955 (#6987)
closes #6955
closes #6158 (#6969)
closes #6158
fix(cli): improve vs build tools detection (#6982)
fix: updated appimage script to follow symlinks for /usr/lib* (fix: #6992) (#6996)
fix(cli): correctly remove Cargo features (#7013)
Fix typo (#7012)
fix(cli): revert metadata.json field rename from #6795 (#7029)
closes #6732 (#6736)
fix: add missing file properties on Windows, closes #6676 (#6693)
fix(cli.js): detect node-20 binary (#6667)
fix version-or-publish workflow (#7031)
fix(cli/devserver): inject autoreload into HTML only, closes #6997 (#7032)
fix(bundler/nsis): write installer templates UTF16LE encoded, closes #7036 (#7040)
fix(bundler/nsis): write installer templates UTF16LE encoded, closes #7036
fix(core): rewrite `asset` protocol streaming, closes #6375 (#6390)
closes #5939 (#5960)
fix(core): use `safe_block_on` (#7047)
closes #6859 (#6933)
closes #6955 (#6998)
fix(core): populate webview_attrs from config, closes #6794 (#6797)
closes #5176 (#5180)
fix: sound for notifications on windows (fix #6652) (#6680)
close native window's buttons, closes #2353 (#6665)
fix(bundler/nsis): calculate accurate app size, closes #7056 (#7057)
fix(tests): only download update when it is available (#7061)
closes #6706 (#6712)
fix(doc): correct the doc of `content_protected()` (#7065)
closes #6472 (#6530)
fix(macros): use full path to Result to avoid issues with type aliases (#7071)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: needs triage This issue needs to triage, applied to new issues type: bug
Projects
None yet
Development

No branches or pull requests

4 participants