fix(csp): add 'self' (#1794)

Co-authored-by: Lucas Nogueira <lucas@tauri.studio>

.changes/csp-self.md

@@ -0,0 +1,5 @@
+---
+"cli.rs": patch
+---
+
+Add `'self'` to default CSP because otherwise no joy on macOS.

core/tauri/test/fixture/src-tauri/tauri.conf.json

@@ -18,7 +18,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/api/src-tauri/tauri.conf.json

@@ -78,7 +78,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
     },
     "systemTray": {
       "iconPath": "../../.icons/icon.png"

examples/commands/src-tauri/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/helloworld/src-tauri/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/multiwindow/src-tauri/tauri.conf.json

@@ -39,7 +39,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/navigation/src-tauri/tauri.conf.json

@@ -48,7 +48,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/params/src-tauri/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/splashscreen/src-tauri/tauri.conf.json

@@ -42,7 +42,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'  img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'  img-src: 'self'"
     },
     "updater": {
       "active": false

examples/state/src-tauri/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": false

examples/updater/src-tauri/tauri.conf.json

@@ -47,7 +47,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self'"
     },
     "updater": {
       "active": true,

tooling/cli.rs/templates/src-tauri/tauri.conf.json

@@ -61,7 +61,7 @@
       }
     ],
     "security": {
-      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' img-src: 'self'"
+      "csp": "default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'"
     }
   }
 }