search

tauri-apps / tauri

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
https://tauri.app
Apache License 2.0
82.7k stars 2.48k forks source link

[feat] Web Request Callbacks and Filtering #4899

Open ColonelThirtyTwo opened 2 years ago

ColonelThirtyTwo commented 2 years ago

Describe the problem

Tauri should expose a way to register a Rust callback to intercept and modify requests that the application in the web view makes, as part of navigation, resource loading, or via JavaScript API calls. Election has an API to do this here: https://www.electronjs.org/docs/latest/api/web-request

Applications can use this functionality to modify requests for their needs (adding and removing headers for example) as well as preventing access to sites outside the scope of the application, for security.

Describe the solution you'd like

Electron has an API for this already that can serve as a base. Ideally, we can register two callbacks - one called with the request before it is sent and one called with the response after it is received. The callbacks should be passed the complete info about the request and response, and should be able to mutate or reject them.

Alternatives considered

Delegate requests to the core application via either IPC calls or custom protocols. This requires that the inner page be written to use them though, which is not possible for third party sites, and does not address the use case of security hardening.

Additional context

No response

liesauer commented 2 years ago

+1

liesauer commented 2 years ago

i am developing a hybrid framework app that allows user installs or uninstalls a in-app "app" which is a regular web app with limited hybrid call accessability. the startup app, i call it "hybrid core", is a web desktop(just likes the windows explorer) which has full control of every "app" including but not limited to: "Networking Accessability", "FileSystem Accessability", "Native API Accessability". therefore, "hybrid core" need to intercept every single request including normal webview http/https/ws request, tauri custom protocol request, tauri ipc message request, etc. to make it works.

liesauer commented 2 years ago

i can intercept custom protocol request and ipc message now, but no normal http request. for example:

<img src="http://example.com/abc.png" />
liesauer commented 2 years ago

i developed a similar ios app for internal use(successfully upload to app store) in 2018. i want to refactor it that supports cross-platform with tauri recently.

yuezk commented 1 year ago

I'm waiting for this, too. Do we have any plans for this? Thanks.

FabianLars commented 1 year ago

request filtering is planned, yes. At least a somewhat simple approach/implementation.

modifying requests however is a tricky subject. It would be only possible on Windows. (In theory also on Linux but i do not consider this: https://github.com/tauri-apps/tauri/discussions/4912#discussioncomment-3406282 a viable solution for tauri tbh)

kotx commented 1 year ago

Should this be an issue in the WRY repo? Shouldn't be Tauri-specific, I think.

chvanam commented 1 year ago

Is there an update on this issue ? I agree that a "before/after http event" event with access to the request/response available would be a great addition and catch up to electron !

findre commented 8 months ago

I want get webview's cookie data, i need this