On the configuration object, open: true means that the open API can be used with any URL,
as the argument is validated with the ^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+ regex.
You can change that regex by changing the boolean value to a string, e.g. open: ^https://github.com/.
The plugin permissions object has a scope field that defines an array of CLIs that can be used.
Each CLI is a configuration object { name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }.
name: the unique identifier of the command, passed to the Command.create function.
If it's a sidecar, this must be the value defined on tauri.conf.json > bundle > externalBin.
cmd: the program that is executed on this configuration. If it's a sidecar, this value is ignored.
sidecar: whether the object configures a sidecar or a system program.
args: the arguments that can be passed to the program. By default no arguments are allowed.
true means that any argument list is allowed.
false means that no arguments are allowed.
otherwise an array can be configured. Each item is either a string representing the fixed argument value
or a { validator: string } that defines a regex validating the argument value.
Access the system shell. Allows you to spawn child processes and manage files and URLs using their default application.
Security
This API has a scope configuration that forces you to restrict the programs and arguments that can be used.
Restricting access to the
openAPIOn the configuration object,
open: truemeans that the open API can be used with any URL, as the argument is validated with the^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+regex. You can change that regex by changing the boolean value to a string, e.g.open: ^https://github.com/.Restricting access to the
CommandAPIsThe plugin permissions object has a
scopefield that defines an array of CLIs that can be used. Each CLI is a configuration object{ name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }.name: the unique identifier of the command, passed to the Command.create function. If it's a sidecar, this must be the value defined ontauri.conf.json > bundle > externalBin.cmd: the program that is executed on this configuration. If it's a sidecar, this value is ignored.sidecar: whether the object configures a sidecar or a system program.args: the arguments that can be passed to the program. By default no arguments are allowed.truemeans that any argument list is allowed.falsemeans that no arguments are allowed.{ validator: string }that defines a regex validating the argument value.Example scope configuration
CLI:
git commit -m "the commit message"Capability:
Usage:
Trying to execute any API with a program not configured on the scope results in a promise rejection due to denied access.