f883781c1f
From the deep-audit wave (reviewer-verified: capability identifiers valid, no removed-crate references, GDI free ordering correct): - Removed 8 never-registered plugins (clipboard-manager, fs, shell, http, process, os, dialog, global-shortcut) from Cargo.toml AND their capability grants (shell:allow-execute, unscoped fs writes, http:default, …) — verified the web never invokes any of them. A latent RCE-class surface is gone. - on_new_window: only http/https/mailto reach the OS opener (file:///custom schemes previously bypassed the opener capability scope entirely). - set_badge_count: freed hdc + hdc_screen on all three GDI error paths (leaked per badge update in a long-running tray app). - 8s reveal failsafe gated by an AtomicBool: no longer re-shows a window the user closed to tray; page-load reveal now fires once only (logout reloads don't re-surface a tray-hidden window); recovery for a missed page-load event preserved. - toast.rs: store pruned on Activated too + capped at 20 (was unbounded). - Startup no longer panics when the bundled icon is missing (tray skipped gracefully); msSmartScreenProtection no longer disabled (throttling disables kept); rust-version corrected to 1.77.2. - release.yml update-manifest: fails on empty signatures (was: could publish a manifest that traps Windows users in a failed-update loop); partial- failure window documented. Deleted the stale upstream tauri.yml workflow. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
56 lines
1.7 KiB
JSON
56 lines
1.7 KiB
JSON
{
|
|
"identifier": "migrated",
|
|
"description": "permissions that were migrated from v1",
|
|
"local": true,
|
|
"remote": {
|
|
"urls": [
|
|
"http://localhost:44548"
|
|
]
|
|
},
|
|
"windows": [
|
|
"main"
|
|
],
|
|
"permissions": [
|
|
"core:default",
|
|
"core:window:allow-create",
|
|
"core:window:allow-center",
|
|
"core:window:allow-request-user-attention",
|
|
"core:window:allow-set-resizable",
|
|
"core:window:allow-set-maximizable",
|
|
"core:window:allow-set-minimizable",
|
|
"core:window:allow-set-closable",
|
|
"core:window:allow-set-title",
|
|
"core:window:allow-maximize",
|
|
"core:window:allow-unmaximize",
|
|
"core:window:allow-minimize",
|
|
"core:window:allow-unminimize",
|
|
"core:window:allow-show",
|
|
"core:window:allow-hide",
|
|
"core:window:allow-close",
|
|
"core:window:allow-set-decorations",
|
|
"core:window:allow-set-always-on-top",
|
|
"core:window:allow-set-content-protected",
|
|
"core:window:allow-set-size",
|
|
"core:window:allow-set-min-size",
|
|
"core:window:allow-set-max-size",
|
|
"core:window:allow-set-position",
|
|
"core:window:allow-set-fullscreen",
|
|
"core:window:allow-set-focus",
|
|
"core:window:allow-set-icon",
|
|
"core:window:allow-set-skip-taskbar",
|
|
"core:window:allow-set-cursor-grab",
|
|
"core:window:allow-set-cursor-visible",
|
|
"core:window:allow-set-cursor-icon",
|
|
"core:window:allow-set-cursor-position",
|
|
"core:window:allow-set-ignore-cursor-events",
|
|
"core:window:allow-start-dragging",
|
|
"core:webview:allow-print",
|
|
"notification:default",
|
|
"core:app:allow-app-show",
|
|
"core:app:allow-app-hide",
|
|
{
|
|
"identifier": "opener:allow-open-url",
|
|
"allow": [{ "url": "http://*" }, { "url": "https://*" }]
|
|
}
|
|
]
|
|
} |