Dropping folder does not add to scope | Tauri Apps | Page 1

last tundra Nov 9, 2023, 6:46 AM

#

Tried calling read dir right after drop event of a folder and get "forbidden path: "

wicked cairn Nov 9, 2023, 6:47 AM

#

Does it mention the word "scope"?

last tundra Nov 9, 2023, 6:47 AM

#

it does not, returned "forbidden path" error

#

Dropping files works, but folders it doesnt

#

Not sure if expected or a bug?

wicked cairn Nov 9, 2023, 6:48 AM

#

Can you please post the full error string.

last tundra Nov 9, 2023, 6:49 AM

#

"forbidden path: /Users/revofusion/PersonalFolder"

#

from ipc://localhost/plugin%3Afs%7Cread_dir

#

400 error

#

I got the path from tauri://file-drop event

wicked cairn Nov 9, 2023, 7:00 AM

#

Are you using Tauri v2?

last tundra Nov 9, 2023, 7:16 AM

#

yes

wicked cairn Nov 9, 2023, 7:16 AM

#

I'll try to replicate this in an hour. I have to head out for a bit.

wicked cairn Nov 9, 2023, 9:58 AM

#

Looks like the message has changed but that's still the scope message. You need to allow the path in src-tauri/tauri.conf.json. The bottom of that file should have plugins section which you need to add the fs > scope to similar to below. The first will grant access to the folder itself. The second will grant access to the folder's contents and sub-folder contents.

  "plugins": {
    "shell": {
      "open": true
    },
    "fs": {
      "readDir": true,
      "scope": {
        "allow": ["$HOME/PersonalFolder", "$HOME/PersonalFolder/**"]
      }
    }
  }

hot bay Nov 9, 2023, 11:29 AM

#

hmm

#

does somebody remember how v1 behaved?

#

the plugin doesn't allow it recursively, only the folder and its direct contents which idk how intentional that is

hot bay Nov 9, 2023, 11:31 AM

#

hot bay does somebody remember how v1 behaved?

okay found it. it behaved the same 🤔

#

Can you open an issue on the plugins-workspace repo please?
The error suggests that nothing was allowlisted which is even weirder.

wicked cairn Nov 9, 2023, 1:11 PM

#

The types were a bit wrong so I'll fix those while addressing the scope modification. Do you think recursive scope modification justifies a config option like the Unix dotfiles matching does? It could be used to tighten security a little on apps that don't need it but my experience with not matching dotfiles is a lot of people seem to not realise the config option even exists.

hot bay Nov 9, 2023, 1:12 PM

#

hmm, i'd go without a config for that

#

i agree that nobody would notice it and then wonder why it behaves whatever way it behaves

#

imo always recursively allowlisting folders is an acceptable risk in this context but if you add a note about it in the PR we can ask the other maintainers

wicked cairn Nov 9, 2023, 1:13 PM

#

Will do. Should drags also modify the allowlist?

hot bay Nov 9, 2023, 1:14 PM

#

nah, only drops

#

if users wanna have drags allowlisted i'd rather have them do it themselves manually

wicked cairn Nov 9, 2023, 1:47 PM

#

I've got some notes down on the changes and will make the PR in about 9 hours from now because GitHub is being a pain about 2FA. Basically, the code changes:
https://github.com/tauri-apps/tauri/blob/dev/tooling/api/src/window.ts#L62-L63

  | { type: 'hover'; paths: string[]; position: PhysicalPosition }
  | { type: 'drop'; paths: string[]; position: PhysicalPosition }

https://github.com/tauri-apps/tauri/blob/dev/tooling/api/src/window.ts#L1736

        handler({ ...event, payload: { type: 'drop', paths: event.payload.paths, position: event.payload.position } })

https://github.com/tauri-apps/tauri/blob/dev/tooling/api/src/window.ts#L1743

        handler({ ...event, payload: { type: 'hover', paths: event.payload.paths, position: event.payload.position } })

https://github.com/tauri-apps/tauri/blob/dev/core/tauri/src/manager/window.rs#L693

            let _ = scopes.allow_directory(path, true);

https://github.com/tauri-apps/plugins-workspace/blob/v2/plugins/fs/src/lib.rs#L95

                        let _ = scope.allow_directory(path, true);

hot bay Nov 9, 2023, 1:54 PM

#

oh right, i didn't even think about changes in tauri itself. forgot about that

#

because fs is now its own plugin which also handles the filedrop event for its own scope

wicked cairn Nov 9, 2023, 1:57 PM

#

Oh, did I miss something in the plugin?

hot bay Nov 9, 2023, 1:57 PM

#

the plugin handles the fs scope, tauri core handles the asset protocol scope

wicked cairn Nov 9, 2023, 1:58 PM

#

~~Hm... will look into that before I make the PR. Maybe a draft at first.~~ Found it, added above.

last tundra Nov 9, 2023, 8:11 PM

#

Nice, so these changes will give access to the folder and all subpaths right?

wicked cairn Nov 9, 2023, 11:33 PM

#

Yes.

wicked cairn Nov 10, 2023, 3:49 AM

#

Did some further testing just now and it turns out that the fs plugin doesn't receive the drop events. Which explains why the error was saying the path was forbidden, it was never trying to add it to the fs scope.

last tundra Nov 10, 2023, 5:45 AM

#

Weird

#

How was file drop working then

wicked cairn Nov 10, 2023, 5:51 AM

#

Filedrop works, just the fs scope isn't extended by it like it's meant to be.

last tundra Nov 10, 2023, 6:54 AM

#

wicked cairn Filedrop works, just the fs scope isn't extended by it like it's meant to be.

Thank you for debugging this

#

Is there a PR I can track

#Dropping folder does not add to scope