feat: set Content-Security-Policy header, fill HTML on Linux

2026-02-04 02:31:23 +01:00 · 2022-06-19 15:29:24 -03:00
parent 3fa8141e85
commit 171e62c584
1 changed files with 15 additions and 1 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -62,19 +62,33 @@ impl Builder {
          let server =
            Server::http(&format!("localhost:{}", port)).expect("Unable to spawn server");
          for req in server.incoming_requests() {
-            if let Some(asset) = asset_resolver.get(req.url().into()) {
+            #[allow(unused_mut)]
+            if let Some(mut asset) = asset_resolver.get(req.url().into()) {
              let request = Request {
                url: req.url().into(),
              };
              let mut response = Response {
                headers: Default::default(),
              };
+
              response.add_header("Content-Type", asset.mime_type);
+              if let Some(csp) = asset.csp_header {
+                response
+                  .headers
+                  .insert("Content-Security-Policy".into(), csp);
+              }

              if let Some(on_request) = &on_request {
                on_request(&request, &mut response);
              }

+              #[cfg(target_os = "linux")]
+              if let Some(response_csp) = response.headers.get("Content-Security-Policy") {
+                let html = String::from_utf8_lossy(&asset.bytes);
+                let body = html.replacen(tauri::utils::html::CSP_TOKEN, response_csp, 1);
+                asset.bytes = body.as_bytes().to_vec();
+              }
+
              let mut resp = HttpResponse::from_data(asset.bytes);
              for (header, value) in response.headers {
                if let Ok(h) = Header::from_bytes(header.as_bytes(), value) {