refactor(core): custom protocol on Windows now uses the http scheme

.changes/fix-windows-custom-protocol-url.md

@@ -0,0 +1,8 @@
+---
+"tauri": patch:breaking
+"@tauri-apps/api": patch:breaking
+"@tauri-apps/cli": patch:breaking
+"tauri-cli": patch:breaking
+---
+
+The custom protocol on Windows now uses the `http` scheme instead of `https`.

core/tauri/scripts/core.js

@@ -17,9 +17,13 @@
 
   window.__TAURI__.convertFileSrc = function convertFileSrc(filePath, protocol = 'asset') {
     const path = encodeURIComponent(filePath)
-    return osName === 'windows' || osName === 'android'
-      ? `https://${protocol}.localhost/${path}`
-      : `${protocol}://localhost/${path}`
+    return osName === 'windows'
+      ? `http://${protocol}.localhost/${path}`
+      : (
+        osName === 'android'
+          ? `https://${protocol}.localhost/${path}`
+          : `${protocol}://localhost/${path}`
+      )
   }
 
   window.__TAURI__.transformCallback = function transformCallback(

core/tauri/src/manager.rs

@@ -506,10 +506,13 @@ impl<R: Runtime> WindowManager<R> {
   }
 
   pub(crate) fn protocol_url(&self) -> Cow<'_, Url> {
-    #[cfg(any(windows, target_os = "android"))]
-    return Cow::Owned(Url::parse("https://tauri.localhost").unwrap());
-    #[cfg(not(any(windows, target_os = "android")))]
-    Cow::Owned(Url::parse("tauri://localhost").unwrap())
+    if cfg!(windows) {
+      Cow::Owned(Url::parse("http://tauri.localhost").unwrap())
+    } else if cfg!(target_os = "android") {
+      Cow::Owned(Url::parse("https://tauri.localhost").unwrap())
+    } else {
+      Cow::Owned(Url::parse("tauri://localhost").unwrap())
+    }
   }
 
   fn csp(&self) -> Option<Csp> {
@@ -612,6 +615,11 @@ impl<R: Runtime> WindowManager<R> {
     let window_origin = if window_url.scheme() == "data" {
       "null".into()
     } else if cfg!(windows) && window_url.scheme() != "http" && window_url.scheme() != "https" {
+      format!("http://{}.localhost", window_url.scheme())
+    } else if cfg!(target_os = "android")
+      && window_url.scheme() != "http"
+      && window_url.scheme() != "https"
+    {
       format!("https://{}.localhost", window_url.scheme())
     } else {
       format!(
@@ -876,6 +884,8 @@ mod test {
       assert_eq!(
         manager.get_url().to_string(),
         if cfg!(windows) {
+          "http://tauri.localhost/"
+        } else if cfg!(target_os = "android") {
           "https://tauri.localhost/"
         } else {
           "tauri://localhost"

core/tauri/src/pattern.rs

@@ -109,7 +109,9 @@ pub(crate) struct PatternJavascript {
 
 #[allow(dead_code)]
 pub(crate) fn format_real_schema(schema: &str) -> String {
-  if cfg!(windows) || cfg!(target_os = "android") {
+  if cfg!(windows) {
+    format!("http://{schema}.{ISOLATION_IFRAME_SRC_DOMAIN}")
+  } else if cfg!(target_os = "android") {
     format!("https://{schema}.{ISOLATION_IFRAME_SRC_DOMAIN}")
   } else {
     format!("{schema}://{ISOLATION_IFRAME_SRC_DOMAIN}")

core/tauri/test/fixture/src-tauri/tauri.conf.json

@@ -15,7 +15,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/api/src-tauri/tauri.conf.json

@@ -92,11 +92,11 @@
     "security": {
       "csp": {
         "default-src": "'self' customprotocol: asset:",
-        "connect-src": "ipc: https://ipc.localhost",
+        "connect-src": "ipc: http://ipc.localhost https://ipc.localhost",
         "font-src": [
           "https://fonts.gstatic.com"
         ],
-        "img-src": "'self' asset: https://asset.localhost blob: data:",
+        "img-src": "'self' asset: http://asset.localhost https://asset.localhost blob: data:",
         "style-src": "'unsafe-inline' 'self' https://fonts.googleapis.com"
       },
       "freezePrototype": true,
@@ -114,4 +114,4 @@
       }
     }
   }
-}
+}

examples/commands/tauri.conf.json

@@ -51,7 +51,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/helloworld/tauri.conf.json

@@ -50,7 +50,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/isolation/tauri.conf.json

@@ -60,7 +60,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/multiwindow/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/navigation/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/parent-window/tauri.conf.json

@@ -31,7 +31,7 @@
       "category": "DeveloperTool"
     },
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/resources/src-tauri/tauri.conf.json

@@ -53,7 +53,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/splashscreen/tauri.conf.json

@@ -44,7 +44,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/state/tauri.conf.json

@@ -51,7 +51,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

examples/streaming/tauri.conf.json

@@ -1,8 +1,12 @@
 {
   "$schema": "../../core/tauri-config-schema/schema.json",
   "build": {
-    "distDir": ["index.html"],
-    "devPath": ["index.html"],
+    "distDir": [
+      "index.html"
+    ],
+    "devPath": [
+      "index.html"
+    ],
     "beforeDevCommand": "",
     "beforeBuildCommand": "",
     "withGlobalTauri": true
@@ -47,10 +51,12 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self' ipc:; media-src stream: https://stream.localhost asset: https://asset.localhost",
+      "csp": "default-src 'self' ipc:; media-src stream: http://stream.localhost https://stream.localhost asset: http://asset.localhost https://asset.localhost",
       "assetProtocol": {
-        "scope": ["**/test_video.mp4"]
+        "scope": [
+          "**/test_video.mp4"
+        ]
       }
     }
   }
-}
+}

examples/tauri-dynamic-lib/src-tauri/tauri.conf.json

@@ -50,7 +50,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

tooling/api/src/tauri.ts

@@ -181,8 +181,8 @@ async function invoke<T>(
 
 /**
  * Convert a device file path to an URL that can be loaded by the webview.
- * Note that `asset:` and `https://asset.localhost` must be added to [`tauri.security.csp`](https://tauri.app/v1/api/config/#securityconfig.csp) in `tauri.conf.json`.
- * Example CSP value: `"csp": "default-src 'self' ipc: https://ipc.localhost; img-src 'self' asset: https://asset.localhost"` to use the asset protocol on image sources.
+ * Note that `asset:`, `http://asset.localhost` and `https://asset.localhost` must be added to [`tauri.security.csp`](https://tauri.app/v1/api/config/#securityconfig.csp) in `tauri.conf.json`.
+ * Example CSP value: `"csp": "default-src 'self' ipc: http://ipc.localhost https://ipc.localhost; img-src 'self' asset: http://asset.localhost https://asset.localhost"` to use the asset protocol on image sources.
  *
  * Additionally, `asset` must be added to [`tauri.allowlist.protocol`](https://tauri.app/v1/api/config/#allowlistconfig.protocol)
  * in `tauri.conf.json` and its access scope must be defined on the `assetScope` array on the same `protocol` object.

tooling/bench/tests/cpu_intensive/src-tauri/tauri.conf.json

@@ -43,7 +43,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

tooling/bench/tests/files_transfer/src-tauri/tauri.conf.json

@@ -43,7 +43,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

tooling/bench/tests/helloworld/src-tauri/tauri.conf.json

@@ -43,7 +43,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }

tooling/cli/src/migrate/config.rs

@@ -85,21 +85,24 @@ fn process_security(security: &mut Map<String, Value>) -> Result<()> {
       match &mut csp {
         tauri_utils_v1::config::Csp::Policy(csp) => {
           if csp.contains("connect-src") {
-            *csp = csp.replace("connect-src", "connect-src ipc: https://ipc.localhost");
+            *csp = csp.replace(
+              "connect-src",
+              "connect-src ipc: http://ipc.localhost https://ipc.localhost",
+            );
           } else {
-            *csp = format!("{csp}; connect-src ipc: https://ipc.localhost");
+            *csp = format!("{csp}; connect-src ipc: http://ipc.localhost https://ipc.localhost");
           }
         }
         tauri_utils_v1::config::Csp::DirectiveMap(csp) => {
           if let Some(connect_src) = csp.get_mut("connect-src") {
-            if !connect_src.contains("ipc: https://ipc.localhost") {
-              connect_src.push("ipc: https://ipc.localhost");
+            if !connect_src.contains("ipc: http://ipc.localhost https://ipc.localhost") {
+              connect_src.push("ipc: http://ipc.localhost https://ipc.localhost");
             }
           } else {
             csp.insert(
               "connect-src".into(),
               tauri_utils_v1::config::CspDirectiveSources::List(vec![
-                "ipc: https://ipc.localhost".to_string()
+                "ipc: http://ipc.localhost https://ipc.localhost".to_string(),
               ]),
             );
           }
@@ -331,7 +334,7 @@ mod test {
     assert_eq!(
       migrated["tauri"]["security"]["csp"],
       format!(
-        "{}; connect-src ipc: https://ipc.localhost",
+        "{}; connect-src ipc: http://ipc.localhost https://ipc.localhost",
         original["tauri"]["security"]["csp"].as_str().unwrap()
       )
     );
@@ -358,7 +361,7 @@ mod test {
     assert!(migrated["tauri"]["security"]["csp"]["connect-src"]
       .as_array()
       .expect("connect-src isn't an array")
-      .contains(&"ipc: https://ipc.localhost".into()));
+      .contains(&"ipc: http://ipc.localhost https://ipc.localhost".into()));
   }
 
   #[test]
@@ -385,7 +388,7 @@ mod test {
         .as_str()
         .expect("connect-src isn't a string"),
       format!(
-        "{} ipc: https://ipc.localhost",
+        "{} ipc: http://ipc.localhost https://ipc.localhost",
         original["tauri"]["security"]["csp"]["connect-src"]
           .as_str()
           .unwrap()

tooling/cli/templates/plugin/__example-basic/vanilla/src-tauri/tauri.conf.json

@@ -50,7 +50,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'; connect-src ipc: https://ipc.localhost"
+      "csp": "default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'; connect-src ipc: http://ipc.localhost https://ipc.localhost"
     }
   }
 }