Need some help on security config for file and http request #12880

bouteillerAlan · 2025-03-03T11:26:25Z

bouteillerAlan
Mar 3, 2025

Hello :)

I'm currently making an app with Tauri, the objective is very simple: the user can make any HTTP request it wants on any target (like Postman or Insomnia).

I'm trying to do two things, actually:

I want to store a history.json file in the $APPLOCALDATA with read/write access, but the app should also detect if the file exist and create it if it's not the case
I want to allow the user to GET, POST, PUT, DELETE, PATCH, HEADER, and so on any url (localhost or in the web, http or https)

My code is set up for the history file, and for the request I use Axios and I recently try this package too (https://github.com/persiliao/axios-tauri-api-adapter).

My code is available here (https://github.com/bouteillerAlan/postier) if you want to check, but the code is not my question here ^^

I have hard time to understand what I have to do for the security configuration.

I understand that I have to update the capabilities/default.json file with something like:

"permissions": [
    "core:default",
    "opener:default",
    {
      "identifier": "fs:allow-write-file",
      "allow": [{"path": "$APPLOCALDATA/*"}]
    },
    {
      "identifier": "fs:allow-read-file",
      "allow": [{"path": "$APPLOCALDATA/*"}]
    },
    {
      "identifier": "http:default",
      "allow": [{ "url": "https://google.fr" }]
    }
],

But in both of my case nothing work at all.

The request (get on https://google.fr) is never made (http.fetch not allowed. Permissions associated with this command: http:allow-fetch, http:default) and for the file this is mostly the same Failed to ensure app data directory exists: "fs.exists not allowed. Permissions associated with this command: fs:allow-app-meta,....

So, do I need to also update the tauri.conf.json like I saw in some question here? With what?
What config do I need to use for making the request and the file storage working?