feat(core): allow window label pattern for remote domain access scope #7468
Conversation
|
This should resolve #7461 |
|
Doc PR is tauri-apps/tauri-docs#1330 |
|
I've pushed some changes to enhance this but they are breaking changes (good thing this PR targets v2 anyway). If we want to backport this for v1, we need to stick to your original PR. Thanks for your contribution! Let's wait for a security audit on this. |
lucasfernog
added
security: needs audit
|
@lucasfernog Thanks for the updating, there was a build error, I've pushed a commit, please take a look. Thanks. |
| { | ||
| let windows = Option::<Vec<String>>::deserialize(deserializer)?.unwrap_or_default(); | ||
| for w in &windows { | ||
| if w == "*" || w == "**" { |
There was a problem hiding this comment.
I think this check is not sufficient as devs can just write ?* or [?*] to bypass this full wildcard prevention check.
Also from my perspective allowing ** anywhere doesn't make sense. The glob crate is imho meant for file paths and we should use a more simpler approach here.
From my perspective we should use simple string comparisons like starts_with or ends_with to allow something like foo- or -remote for labels instead of using complex matching pattern. We could expose these two patterns via a flag (e.g: "fuzzy_matching" : true)
If there is a reason to go for regex patterns I'm all ears but my assumption is most devs want to allow remote access to certain window types where they can prefix with remote-. Using the glob crate would allow for more fine grained matching but will be a footgun for most devs.
tweidinger
added
security: feedback loop
|
We redesigned the whole remote URL scope on #8428 Thank you for this PR! |
What kind of change does this PR introduce?
Does this PR introduce a breaking change?
Checklist
fix: remove a typo, closes #___, #___)Other information