chore(hardening): tighten security and footprint defaults
This commit is contained in:
@@ -9,12 +9,12 @@ fn main() {
|
||||
println!("cargo:rustc-link-arg=-Wl,--allow-multiple-definition");
|
||||
}
|
||||
|
||||
assert_localhost_llm_csp();
|
||||
assert_loopback_llm_csp();
|
||||
|
||||
tauri_build::build()
|
||||
}
|
||||
|
||||
/// Regression guard for brief item #2 (pre-emptive localhost LLM scope).
|
||||
/// Regression guard for brief item #2 (pre-emptive loopback LLM scope).
|
||||
///
|
||||
/// Kon's bundled llama.cpp server and any BYO Ollama install speak HTTP
|
||||
/// on `127.0.0.1:*`. If the `connect-src` CSP ever drops those entries,
|
||||
@@ -25,9 +25,9 @@ fn main() {
|
||||
/// Parses `tauri.conf.json` properly and inspects the `connect-src`
|
||||
/// directive of the CSP, rather than substring-searching the whole
|
||||
/// file — the latter would both false-pass on unrelated values
|
||||
/// containing a localhost URL and false-fail on JSON-escaped forward
|
||||
/// containing a loopback URL and false-fail on JSON-escaped forward
|
||||
/// slashes.
|
||||
fn assert_localhost_llm_csp() {
|
||||
fn assert_loopback_llm_csp() {
|
||||
let conf_path = std::path::Path::new("tauri.conf.json");
|
||||
println!("cargo:rerun-if-changed=tauri.conf.json");
|
||||
|
||||
@@ -70,4 +70,12 @@ fn assert_localhost_llm_csp() {
|
||||
{connect_src:?}"
|
||||
);
|
||||
}
|
||||
for forbidden in ["http://localhost:*", "ws://localhost:*"] {
|
||||
assert!(
|
||||
!tokens.contains(&forbidden),
|
||||
"build.rs: tauri.conf.json CSP connect-src must not permit {forbidden}; \
|
||||
normalize local LLM endpoints to 127.0.0.1 instead. Current connect-src: \
|
||||
{connect_src:?}"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user