преди 1 година · bc5b5e671a
--- a/.changes/csp-header-linux.md
+++ b/.changes/csp-header-linux.md
@@ -0,0 +1,7 @@
 
				+---
			
 
				+"tauri": patch:enhance
			
 
				+"tauri-utils": patch:enhance
			
 
				+"tauri-codegen": patch:enhance
			
 
				+---
			
 
				+
			
 
				+Do not include a CSP tag in the application HTML and rely on the custom protocol response header instead.
			
--- a/core/tauri-codegen/src/context.rs
+++ b/core/tauri-codegen/src/context.rs
@@ -40,7 +40,6 @@ pub struct ContextData {
 
				 
			
 
				 fn map_core_assets(
			
 
				   options: &AssetOptions,
			
 
				-  target: Target,
			
 
				 ) -> impl Fn(&AssetKey, &Path, &mut Vec<u8>, &mut CspHashes) -> Result<(), EmbeddedAssetsError> {
			
 
				   #[cfg(feature = "isolation")]
			
 
				   let pattern = tauri_utils::html::PatternObject::from(&options.pattern);
			
@@ -53,10 +52,6 @@ fn map_core_assets(
 
				       if csp {
			
 
				         let document = parse_html(String::from_utf8_lossy(input).into_owned());
			
 
				 
			
 
				-        if target == Target::Linux {
			
 
				-          ::tauri_utils::html::inject_csp_token(&document);
			
 
				-        }
			
 
				-
			
 
				         inject_nonce_token(&document, &dangerous_disable_asset_csp_modification);
			
 
				 
			
 
				         if dangerous_disable_asset_csp_modification.can_modify("script-src") {
			
@@ -176,7 +171,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
 
				               path
			
 
				             )
			
 
				           }
			
 
				-          EmbeddedAssets::new(assets_path, &options, map_core_assets(&options, target))?
			
 
				+          EmbeddedAssets::new(assets_path, &options, map_core_assets(&options))?
			
 
				         }
			
 
				         FrontendDist::Files(files) => EmbeddedAssets::new(
			
 
				           files
			
@@ -184,7 +179,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
 
				             .map(|p| config_parent.join(p))
			
 
				             .collect::<Vec<_>>(),
			
 
				           &options,
			
 
				-          map_core_assets(&options, target),
			
 
				+          map_core_assets(&options),
			
 
				         )?,
			
 
				         _ => unimplemented!(),
			
 
				       },
			
--- a/core/tauri-runtime-wry/src/lib.rs
+++ b/core/tauri-runtime-wry/src/lib.rs
@@ -2854,7 +2854,6 @@ fn handle_user_message<T: UserEvent>(
 
				           }
			
 
				           // Getters
			
 
				           WebviewMessage::Url(tx) => {
			
 
				-            println!("url getter");
			
 
				             tx.send(webview.url().parse().unwrap()).unwrap();
			
 
				           }
			
 
				           WebviewMessage::Position(tx) => {
			
--- a/core/tauri-utils/src/html.rs
+++ b/core/tauri-utils/src/html.rs
@@ -23,8 +23,6 @@ use crate::config::{DisabledCspModificationKind, PatternKind};
 
				 #[cfg(feature = "isolation")]
			
 
				 use crate::pattern::isolation::IsolationJavascriptCodegen;
			
 
				 
			
 
				-/// The token used on the CSP tag content.
			
 
				-pub const CSP_TOKEN: &str = "__TAURI_CSP__";
			
 
				 /// The token used for script nonces.
			
 
				 pub const SCRIPT_NONCE_TOKEN: &str = "__TAURI_SCRIPT_NONCE__";
			
 
				 /// The token used for style nonces.
			
@@ -168,11 +166,6 @@ pub fn inject_csp(document: &NodeRef, csp: &str) {
 
				   });
			
 
				 }
			
 
				 
			
 
				-/// Injects a content security policy token to the HTML.
			
 
				-pub fn inject_csp_token(document: &NodeRef) {
			
 
				-  inject_csp(document, CSP_TOKEN)
			
 
				-}
			
 
				-
			
 
				 fn create_csp_meta_tag(csp: &str) -> NodeRef {
			
 
				   NodeRef::new_element(
			
 
				     QualName::new(None, ns!(html), LocalName::from("meta")),
			
@@ -298,12 +291,12 @@ mod tests {
 
				     ];
			
 
				     for html in htmls {
			
 
				       let document = kuchiki::parse_html().one(html);
			
 
				-      super::inject_csp_token(&document);
			
 
				+      let csp = "csp-string";
			
 
				+      super::inject_csp(&document, csp);
			
 
				       assert_eq!(
			
 
				         document.to_string(),
			
 
				         format!(
			
 
				-          r#"<html><head><meta http-equiv="Content-Security-Policy" content="{}"></head><body></body></html>"#,
			
 
				-          super::CSP_TOKEN
			
 
				+          r#"<html><head><meta http-equiv="Content-Security-Policy" content="{csp}"></head><body></body></html>"#,
			
 
				         )
			
 
				       );
			
 
				     }
			
--- a/core/tauri/src/protocol/tauri.rs
+++ b/core/tauri/src/protocol/tauri.rs
@@ -164,14 +164,6 @@ fn get_response<R: Runtime>(
 
				   if let Some(handler) = &web_resource_request_handler {
			
 
				     handler(request, &mut response);
			
 
				   }
			
 
				-  // if it's an HTML file, we need to set the CSP meta tag on Linux
			
 
				-  #[cfg(target_os = "linux")]
			
 
				-  if let Some(response_csp) = response.headers().get("Content-Security-Policy") {
			
 
				-    let response_csp = String::from_utf8_lossy(response_csp.as_bytes());
			
 
				-    let html = String::from_utf8_lossy(response.body());
			
 
				-    let body = html.replacen(tauri_utils::html::CSP_TOKEN, &response_csp, 1);
			
 
				-    *response.body_mut() = body.as_bytes().to_vec().into();
			
 
				-  }
			
 
				 
			
 
				   Ok(response)
			
 
				 }