ruststyled-componentstauricss-in-js
What is the correct way to configure CSP in Tauri when using CSS-in-JS libraries?
In the release build, Tauri does not render anything. After a bit of Googling, I found the same issue, but I am still confused about the right CSP configuration to set when using CSS-in-JS libraries like styled-components.
Right now, this is my CSP:
"csp": "default-src 'self'"
Error:
Solution
Okay, I finally ended up with this configuration in the tauri.conf.json file. Is this the right way to do it? I don't know. I'm leaving my answer here so people who come here may find this useful.
"security": {
"dangerousDisableAssetCspModification": ["style-src"],
"csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset:"
}
EDIT:
Based on my own experience, I've never seen an attack that leveraged the injection of CSS to cause harm. - https://scotthelme.co.uk/can-you-get-pwned-with-css/
I guess "unsafe-inline" is okay.
Related: https://github.com/tauri-apps/tauri/discussions/8578
- Is there a way to print enum values?
- How to prevent 408 errors for CloudWatch PutMetricData?
- How to find the number of active tokio tasks?
- Per-thread initialization in Rayon
- Generate a very plain URL with Actix web which has no further params
- Why isn't it allowed to change mutable reference if one or multiple immutable references are within the scope?
- Reading dynamic sized byte arrays as integers
- Converting a Vec<u32> to Vec<u8> in-place and with minimal overhead
- How to qualify a trait function for Ref<RefCell<>>
- Converting a hexadecimal string to a decimal integer
- How to index a String in Rust
- Rust - Passing Rc<> references between different structs
- Why does generic Axum route not compile with inner async call?
- Workaround for a vector of types in rust?
- Difference between `tokio::pin!` and `std::pin::pin!`?
- How to convert DateTime<UTC> to DateTime<FixedOffset> or vice versa?
- How to get value from HashMap with two keys via references to both keys?
- How to use a local unpublished crate?
- Get result from both of `async` functions
- Why is `2_u32..=u32::MAX` not covered when matching on `u64 % 2`?
- How to properly propagate an error through non-error function?
- Custom `derive` macro without the actual `Trait` to be derived
- Problems with rust formatting (x86-unknown-none target)
- How to avoid nested chains of "if let"?
- Android app crashes on load library, cannot find entry point getThreadLocalsEv, how to fix? [example added]
- What's the best borrowing accessor pattern for Optional<String>?
- what is the different with Option as_ref and as_deref in Rust
- Interior mutability abuse in API design?
- How to get a Vec of Structs out of dataframe?
- How to fix Bevy ECS queries conflicting even with filters