6.2 KiB
6.2 KiB
Tauri v2 Capabilities & Permissions Reference
Overview
Tauri v2 uses a capabilities-based security model. By default, nothing is allowed - you must explicitly grant permissions through capability files.
Capability File Structure
Location: src-tauri/capabilities/
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "capability-name",
"description": "What this capability allows",
"windows": ["main", "settings"],
"webviews": [],
"permissions": [
"core:default",
"plugin-name:permission-name"
]
}
Core Permissions
Essential (Almost Always Needed)
{
"permissions": [
"core:default",
"core:window:default",
"core:event:default"
]
}
Window Permissions
| Permission | Description |
|---|---|
core:window:default |
Basic window operations |
core:window:allow-close |
Allow closing windows |
core:window:allow-set-title |
Allow changing window title |
core:window:allow-minimize |
Allow minimizing |
core:window:allow-maximize |
Allow maximizing |
core:window:allow-set-size |
Allow resizing |
core:window:allow-set-position |
Allow repositioning |
core:window:allow-set-fullscreen |
Allow fullscreen toggle |
Event Permissions
| Permission | Description |
|---|---|
core:event:default |
Basic event listening |
core:event:allow-emit |
Allow emitting events |
core:event:allow-listen |
Allow listening to events |
Plugin Permissions
File System (tauri-plugin-fs)
{
"permissions": [
"fs:default",
"fs:allow-read-dir",
"fs:allow-read-file",
"fs:allow-write-file",
"fs:allow-create-dir",
"fs:allow-remove-file",
"fs:allow-rename"
]
}
With Scopes:
{
"permissions": [
{
"identifier": "fs:allow-read-file",
"allow": [
{ "path": "$APPDATA/*" },
{ "path": "$HOME/Documents/*" }
]
}
]
}
Dialog (tauri-plugin-dialog)
{
"permissions": [
"dialog:default",
"dialog:allow-open",
"dialog:allow-save",
"dialog:allow-message",
"dialog:allow-ask",
"dialog:allow-confirm"
]
}
Shell (tauri-plugin-shell)
{
"permissions": [
"shell:default",
"shell:allow-open",
"shell:allow-execute"
]
}
Scoped Execute:
{
"permissions": [
{
"identifier": "shell:allow-execute",
"allow": [
{ "name": "git", "args": true },
{ "name": "npm", "args": ["install", "run"] }
]
}
]
}
HTTP (tauri-plugin-http)
{
"permissions": [
"http:default"
]
}
With URL Scopes:
{
"permissions": [
{
"identifier": "http:default",
"allow": [
{ "url": "https://api.example.com/*" },
{ "url": "https://*.myapp.com/*" }
]
}
]
}
Store (tauri-plugin-store)
{
"permissions": [
"store:default",
"store:allow-get",
"store:allow-set",
"store:allow-delete",
"store:allow-keys",
"store:allow-clear"
]
}
Clipboard (tauri-plugin-clipboard-manager)
{
"permissions": [
"clipboard-manager:default",
"clipboard-manager:allow-read",
"clipboard-manager:allow-write"
]
}
Notification (tauri-plugin-notification)
{
"permissions": [
"notification:default",
"notification:allow-send",
"notification:allow-request-permission"
]
}
Global Shortcut (tauri-plugin-global-shortcut)
{
"permissions": [
"global-shortcut:default",
"global-shortcut:allow-register",
"global-shortcut:allow-unregister"
]
}
Platform-Specific Capabilities
{
"identifier": "desktop-only",
"platforms": ["linux", "macos", "windows"],
"permissions": ["global-shortcut:default"]
}
{
"identifier": "mobile-only",
"platforms": ["iOS", "android"],
"permissions": ["biometric:default", "haptics:default"]
}
Remote URL Access
Allow Tauri commands from remote URLs:
{
"identifier": "remote-access",
"remote": {
"urls": ["https://*.myapp.com"]
},
"permissions": ["http:default"]
}
Custom Permission Files
Create custom permissions in src-tauri/permissions/:
custom.toml:
[[permission]]
identifier = "allow-home-documents"
description = "Allow access to home documents"
commands.allow = ["read_file", "write_file"]
[[scope.allow]]
path = "$HOME/Documents/**"
Reference in capability:
{
"permissions": ["custom:allow-home-documents"]
}
Capability Best Practices
- Principle of Least Privilege: Only grant what's needed
- Use Scopes: Limit file/URL access to specific paths
- Separate Capabilities: Create focused capability files for different features
- Platform-Specific: Use platform filtering for platform-specific features
- Document: Add descriptions to explain why permissions are needed
Common Capability Patterns
Minimal App
{
"identifier": "minimal",
"windows": ["main"],
"permissions": ["core:default"]
}
File Manager
{
"identifier": "file-manager",
"windows": ["main"],
"permissions": [
"core:default",
"fs:default",
"dialog:allow-open",
"dialog:allow-save"
]
}
Web-Connected App
{
"identifier": "web-app",
"windows": ["main"],
"permissions": [
"core:default",
"http:default",
"shell:allow-open"
]
}
Full Desktop App
{
"identifier": "full-desktop",
"windows": ["main"],
"permissions": [
"core:default",
"core:window:default",
"core:event:default",
"fs:default",
"dialog:default",
"shell:default",
"clipboard-manager:default",
"notification:default",
"global-shortcut:default",
"store:default"
]
}