check the main frame's origin in isolation.js (#10423)

* check the main frame's origin in isolation.js

* add changefile

* correct changefile tag

* use strict origin checking

.changes/isolation-main-frame-origin.md

@@ -0,0 +1,6 @@
+---
+"tauri": "patch:sec"
+"tauri-utils": "patch:sec"
+---
+
+Explicitly check that the main frame's origin is the sender of Isolation Payloads

core/tauri-utils/src/pattern/isolation.js

@@ -17,6 +17,11 @@
     window.parent.postMessage(message, '*')
   }
 
+  /**
+   * @type {string} - The main frame origin.
+   */
+  const origin = __TEMPLATE_origin__
+
   /**
    * @type {Uint8Array} - Injected by Tauri during runtime
    */
@@ -42,14 +47,14 @@
     algorithm.name = 'AES-GCM'
     algorithm.iv = window.crypto.getRandomValues(new Uint8Array(12))
 
-    const { contentType, data } = __RAW_process_ipc_message_fn__(payload)
+    const {contentType, data} = __RAW_process_ipc_message_fn__(payload)
 
     const message =
       typeof data === 'string'
         ? new TextEncoder().encode(data)
         : ArrayBuffer.isView(data) || data instanceof ArrayBuffer
-        ? data
-        : new Uint8Array(data)
+          ? data
+          : new Uint8Array(data)
 
     return window.crypto.subtle
       .encrypt(algorithm, aesGcmKey, message)
@@ -101,7 +106,7 @@
    * @param {MessageEvent<any>} event
    */
   async function payloadHandler(event) {
-    if (!isIsolationPayload(event.data)) {
+    if (event.origin !== origin || !isIsolationPayload(event.data)) {
       return
     }
 

core/tauri-utils/src/pattern/isolation.rs

@@ -156,6 +156,8 @@ pub struct IsolationJavascriptCodegen {
 pub struct IsolationJavascriptRuntime<'a> {
   /// The key used on the Rust backend and the Isolation Javascript
   pub runtime_aes_gcm_key: &'a [u8; 32],
+  /// The origin the isolation application is expecting messages from.
+  pub origin: String,
   /// The function that processes the IPC message.
   #[raw]
   pub process_ipc_message_fn: &'a str,

core/tauri/src/manager/webview.rs

@@ -336,6 +336,7 @@ impl<R: Runtime> WebviewManager<R> {
         schema,
         assets.clone(),
         *crypto_keys.aes_gcm().raw(),
+        window_origin,
       );
       pending.register_uri_scheme_protocol(schema, move |request, responder| {
         protocol(request, UriSchemeResponder(responder))

core/tauri/src/protocol/isolation.rs

@@ -20,6 +20,7 @@ pub fn get<R: Runtime>(
   schema: &str,
   assets: Arc<EmbeddedAssets>,
   aes_gcm_key: [u8; 32],
+  window_origin: String,
 ) -> UriSchemeProtocolHandler {
   let frame_src = if cfg!(any(windows, target_os = "android")) {
     format!("http://{schema}.localhost")
@@ -45,6 +46,7 @@ pub fn get<R: Runtime>(
 
           let template = tauri_utils::pattern::isolation::IsolationJavascriptRuntime {
             runtime_aes_gcm_key: &aes_gcm_key,
+            origin: window_origin.clone(),
             process_ipc_message_fn: PROCESS_IPC_MESSAGE_FN,
           };
           match template.render(asset.as_ref(), &Default::default()) {