What is the correct way to configure CSP in Tauri when using CSS-in-JS libraries?
In the release build, Tauri does not render anything. After a bit of Googling, I found the same issue, but I am still confused about the right CSP configuration to set when using CSS-in-JS libraries like styled-components.
Right now, this is my CSP:
"csp": "default-src 'self'"
Error:
Solution
Okay, I finally ended up with this configuration in the tauri.conf.json file. Is this the right way to do it? I don't know. I'm leaving my answer here so people who come here may find this useful.
"security": {
"dangerousDisableAssetCspModification": ["style-src"],
"csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset:"
}
EDIT:
Based on my own experience, I've never seen an attack that leveraged the injection of CSS to cause harm. - https://scotthelme.co.uk/can-you-get-pwned-with-css/
I guess "unsafe-inline" is okay.
Related: https://github.com/tauri-apps/tauri/discussions/8578
- How to make a TLS connection between two peers using Rust tokio_native_tls
- How to get a Vec of Structs out of dataframe?
- Get the current thread id and process id as integers?
- How to create uninitialized Vec
- How to make a compiled Regexp a global variable?
- How to write a retry function in Rust that involves async
- no targets specified in the manifest - either src/lib.rs, src/main.rs, a [lib] section, or [[bin]] section must be present
- Should Cargo.lock be committed when the crate is both a rust library and an executable?
- How do I get a JavaVM or JNIEnv from an already-running JVM using JNI?
- unresolved import rust in workspace with multiple crates
- Compiler not finding included c++ file
- Idiomatic way to circumvent "temporary value dropped while borrowed"?
- Why does `tokio::spawn` requires a `'static` lifetime if I immediately await it?
- How to convert a u32 pid to windows-rs HANDLE
- FFMPEG Api conversion from YUV420P to RGB produces strange output
- How to avoid repetitive calls to a function with arguments of different types fitting the same generic parameter?
- Allocating/Deallocating Memory in Rust compiled to Webassembly
- Why is this MyStruct<T> not coercing properly into MyStruct<dyn T>?
- create ListNode from Vec with ref to first Node
- Record video stream in rust
- How to convert short UUID's back to UUID's
- Child Windows using Rust
- Utilize copied assets for Trunk web app in Rust code
- What is the difference between adding the `?` operator and not adding it in this call?
- How to drop a MaybeUninit of vector or array which is partially initialized?
- Are there any performance advantages in using `unreachable!` vs `panic!`?
- Generating an error for Pinned objects in Rust
- How to use a different source for a cargo dependency under miri
- Failed to use ILI9486 display with esp32-s3 (targetting to use rust)
- How to obtain reference to array instead of slice?