tauri_utils::config

Struct HeaderConfig

Source 
pub struct HeaderConfig {
    pub access_control_allow_credentials: Option<HeaderSource>,
    pub access_control_allow_headers: Option<HeaderSource>,
    pub access_control_allow_methods: Option<HeaderSource>,
    pub access_control_expose_headers: Option<HeaderSource>,
    pub access_control_max_age: Option<HeaderSource>,
    pub cross_origin_embedder_policy: Option<HeaderSource>,
    pub cross_origin_opener_policy: Option<HeaderSource>,
    pub cross_origin_resource_policy: Option<HeaderSource>,
    pub permissions_policy: Option<HeaderSource>,
    pub timing_allow_origin: Option<HeaderSource>,
    pub x_content_type_options: Option<HeaderSource>,
    pub tauri_custom_header: Option<HeaderSource>,
}
Expand description

A struct, where the keys are some specific http header names. If the values to those keys are defined, then they will be send as part of a response message. This does not include error messages and ipc messages

§Example configuration

{
 //..
  app:{
    //..
    security: {
      headers: {
        "Cross-Origin-Opener-Policy": "same-origin",
        "Cross-Origin-Embedder-Policy": "require-corp",
        "Timing-Allow-Origin": [
          "https://developer.mozilla.org",
          "https://example.com",
        ],
        "Access-Control-Expose-Headers": "Tauri-Custom-Header",
        "Tauri-Custom-Header": {
          "key1": "'value1' 'value2'",
          "key2": "'value3'"
        }
      },
      csp: "default-src 'self'; connect-src ipc: http://ipc.localhost",
    }
    //..
  }
 //..
}

In this example Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy are set to allow for the use of SharedArrayBuffer. The result is, that those headers are then set on every response sent via the get_response function in crates/tauri/src/protocol/tauri.rs. The Content-Security-Policy header is defined separately, because it is also handled separately.

For the helloworld example, this config translates into those response headers:

access-control-allow-origin:  http://tauri.localhost
access-control-expose-headers: Tauri-Custom-Header
content-security-policy: default-src 'self'; connect-src ipc: http://ipc.localhost; script-src 'self' 'sha256-Wjjrs6qinmnr+tOry8x8PPwI77eGpUFR3EEGZktjJNs='
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
tauri-custom-header: key1 'value1' 'value2'; key2 'value3'
timing-allow-origin: https://developer.mozilla.org, https://example.com

Since the resulting header values are always ‘string-like’. So depending on the what data type the HeaderSource is, they need to be converted.

  • String(JS/Rust): stay the same for the resulting header value
  • Array(JS)/Vec\<String\>(Rust): Item are joined by “, “ for the resulting header value
  • Object(JS)/ Hashmap\<String,String\>(Rust): Items are composed from: key + space + value. Item are then joined by “; “ for the resulting header value

Fields§

§access_control_allow_credentials: Option<HeaderSource>

The Access-Control-Allow-Credentials response header tells browsers whether the server allows cross-origin HTTP requests to include credentials.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials

§access_control_allow_headers: Option<HeaderSource>

The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.

This header is required if the request has an Access-Control-Request-Headers header.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

§access_control_allow_methods: Option<HeaderSource>

The Access-Control-Allow-Methods response header specifies one or more methods allowed when accessing a resource in response to a preflight request.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods

§access_control_expose_headers: Option<HeaderSource>

The Access-Control-Expose-Headers response header allows a server to indicate which response headers should be made available to scripts running in the browser, in response to a cross-origin request.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

§access_control_max_age: Option<HeaderSource>

The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age

§cross_origin_embedder_policy: Option<HeaderSource>

The HTTP Cross-Origin-Embedder-Policy (COEP) response header configures embedding cross-origin resources into the document.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy

§cross_origin_opener_policy: Option<HeaderSource>

The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents. COOP will process-isolate your document and potential attackers can’t access your global object if they were to open it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy

§cross_origin_resource_policy: Option<HeaderSource>

The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy

§permissions_policy: Option<HeaderSource>

The HTTP Permissions-Policy header provides a mechanism to allow and deny the use of browser features in a document or within any <iframe> elements in the document.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

§timing_allow_origin: Option<HeaderSource>

The Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin

§x_content_type_options: Option<HeaderSource>

The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

§tauri_custom_header: Option<HeaderSource>

A custom header field Tauri-Custom-Header, don’t use it. Remember to set Access-Control-Expose-Headers accordingly

NOT INTENDED FOR PRODUCTION USE

Implementations§

Source§

impl HeaderConfig

Source

pub fn new() -> Self

creates a new header config

Trait Implementations§

Source§

impl Clone for HeaderConfig

Source§

fn clone(&self) -> HeaderConfig

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for HeaderConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for HeaderConfig

Source§

fn default() -> HeaderConfig

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for HeaderConfig

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for HeaderConfig

Source§

fn eq(&self, other: &HeaderConfig) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for HeaderConfig

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for HeaderConfig

Source§

impl StructuralPartialEq for HeaderConfig

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Serialize for T
where T: Serialize + ?Sized,

Source§

fn erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<(), Error>

Source§

fn do_erased_serialize( &self, serializer: &mut dyn Serializer, ) -> Result<(), ErrorImpl>

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T