#Initialization script on remote URL

7 messages · Page 1 of 1 (latest)

jolly jacinth
#

I try to create a webview manually redirecting to an external URL giving an initialization script.

use include_flate::flate;
use tauri::{App, WebviewUrl, WebviewWindowBuilder};
use url::Url;

flate!(pub static INJECTION: str from "./dist/index.js");

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
    let app_url = Url::parse("https://ecole-directe.plus/login").unwrap();
    let app_url_external = WebviewUrl::External(app_url);
    let injection = INJECTION.clone();

    tauri::Builder::default()
        .plugin(tauri_plugin_http::init())
        .invoke_handler(tauri::generate_handler![])
        .setup(move |app: &mut App| {
            let win = WebviewWindowBuilder::new(app, "main", app_url_external)
                .title("Ecole Directe Plus")
                .resizable(true)
                .disable_drag_drop_handler()
                .decorations(true)
                .shadow(true)
                .inner_size(1280.0, 720.0)
                .initialization_script(injection)
                .build()?;

            win.open_devtools();

            Ok(())
        })
        .run(tauri::generate_context!())
        .expect("error while running tauri application");
}

I allowed the remote URL as mentionend in the documentation in my capabilities :

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "default",
  "description": "Capability for the main window",
  "remote": {
    "urls": ["https://ecole-directe.plus/*"]
  },
  "windows": ["main"],
  "permissions": [
    "core:path:default",
    "core:event:default",
    "core:window:default",
    "core:app:default",
    "core:resources:default",
    "core:menu:default",
    "core:tray:default",
    "core:window:allow-set-fullscreen",
    "core:window:allow-start-dragging",
    "core:webview:default",
    "core:webview:allow-set-webview-zoom",
    {
      "identifier": "http:default",
      "allow": [
        {
          "url": "https://**/*"
        },
        {
          "url": "http://**/*"
        }
      ]
    }
  ]
}

But sadly, when I run the app, I get the following errors in the terminal :

[Warning] [blocked] The page at https://ecole-directe.plus/login requested insecure content from ipc://localhost/plugin%3Aevent%7Cemit. This content was blocked and must (user-script:3, line 83)

[Error] Not allowed to request resource
    sendIpcMessage (user-script:3:83)
    (anonymous function) (user-script:5:177)
    action (user-script:5:311)
    (anonymous function) (user-script:5:320)
    Promise
    value (user-script:5:300)
    h (user-script:9:1:1964)
    (anonymous function) (user-script:9:1:6641)
    L (user-script:9:1:6683)
    (anonymous function) (user-script:11:26)
    (anonymous function) (user-script:11:16)
    Global Code (user-script:11:49)
[Error] Fetch API cannot load ipc://localhost/plugin%3Aevent%7Cemit due to access control checks.
    sendIpcMessage (user-script:3:83)
    (anonymous function) (user-script:5:177)
    action (user-script:5:311)
    (anonymous function) (user-script:5:320)
    Promise
    value (user-script:5:300)
    h (user-script:9:1:1964)
    (anonymous function) (user-script:9:1:6641)
    L (user-script:9:1:6683)
    (anonymous function) (user-script:11:26)
    (anonymous function) (user-script:11:16)
    Global Code (user-script:11:49)

and the page won't load anymore, nothing works, not even the console !

#

This is my JS initialization code :

if (window.self !== window.top) {
  window.__TAURI_POST_MESSAGE__ = () => {
    return null;
  };

  return;
}

while (!window.__TAURI__) {
  await new Promise((resolve) => setTimeout(resolve, 50));
}

// fails here
window.__TAURI__.event.emit("js_context_loaded", null);

// never gets executed because of the above error 
window.__FETCH__ = window.fetch;
window.fetch = ... /* here i patch fetch to use window.__TAURI__.http.fetch instead */ ;

document.addEventListener("DOMContentLoaded", () => {
  // ... nothing much
});
#

here's my tauri.config.json

{
  "$schema": "https://schema.tauri.app/config/2",
  "productName": "Ecole Directe Plus",
  "version": "0.1.0",
  "identifier": "plus.ecole-directe.app",
  "build": {
    "beforeDevCommand": "pnpm build:injection",
    "beforeBuildCommand": "pnpm build:injection",
    "devUrl": "https://ecole-directe.plus/login",
    "frontendDist": "https://ecole-directe.plus/login"
  },
  "app": {
    "macOSPrivateApi": true,
    "withGlobalTauri": true,
    "security": {
      "csp": null
    }
  },
  "bundle": {
    "active": true,
    "category": "Education",
    "targets": "all",
    "icon": [
      "icons/32x32.png",
      "icons/128x128.png",
      "icons/[email protected]",
      "icons/icon.icns",
      "icons/icon.ico"
    ],
    "windows": {
      "certificateThumbprint": null,
      "digestAlgorithm": "sha256",
      "timestampUrl": ""
    },
    "macOS": {
      "entitlements": null,
      "exceptionDomain": "",
      "frameworks": [],
      "providerShortName": null,
      "signingIdentity": null
    }
  }
}
wooden shadow
#

can you also share the output of the tauri info command?

#

the ipc call erroring out on access control checks is to be expected but it should fallback automatically to another implementation that doesn't use fetch

jolly jacinth
# wooden shadow can you also share the output of the `tauri info` command? 
> tauri info


[✔] Environment
    - OS: Mac OS 15.5.0 arm64 (X64)
    ✔ Xcode Command Line Tools: installed
    ✔ rustc: 1.86.0 (05f9846f8 2025-03-31)
    ✔ cargo: 1.86.0 (adf9b6ad1 2025-02-28)
    ✔ rustup: 1.28.1 (f9edccde0 2025-03-05)
    ✔ Rust toolchain: stable-aarch64-apple-darwin (default)
    - node: 23.11.0
    - pnpm: 10.9.0
    - yarn: 1.22.22
    - npm: 11.3.0
    - bun: 1.2.13

[-] Packages
    - tauri 🦀: 2.5.1
    - tauri-build 🦀: 2.2.0
    - wry 🦀: 0.51.2
    - tao 🦀: 0.33.0
    - @tauri-apps/api : 2.5.0
    - @tauri-apps/cli : 2.5.0

[-] Plugins
    - tauri-plugin-http 🦀: 2.4.3
    - @tauri-apps/plugin-http : not installed!
    - tauri-plugin-fs 🦀: 2.2.1
    - @tauri-apps/plugin-fs : not installed!

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: https://ecole-directe.plus/login
    - devUrl: https://ecole-directe.plus/login
jolly jacinth
#

figured out the issue : i was using the http api on ipc:// and / calls