diff --git a/docs/adr/0098-in-app-image-and-pdf-file-previews.md b/docs/adr/0098-in-app-image-and-pdf-file-previews.md index 6e83cfd9..f63538c2 100644 --- a/docs/adr/0098-in-app-image-and-pdf-file-previews.md +++ b/docs/adr/0098-in-app-image-and-pdf-file-previews.md @@ -17,6 +17,7 @@ ADR-0086 introduced the `FilePreview` path for image binaries while keeping bina - The scanner keeps the coarse `fileKind: "binary"` representation. Previewability stays a renderer concern inferred from the file extension in `src/utils/filePreview.ts`. - Supported images render with `` and supported PDFs render with the webview PDF object renderer, both using Tauri asset URLs from `convertFileSrc`. +- The Tauri CSP permits scoped asset URLs in `object-src` so PDF objects can load vault-backed files without broadening script, connect, or image policy. - PDF preview fallback content lives inside the PDF object so unsupported or failed renderers still expose an explicit "Open in default app" escape hatch. - Note-list rows for previewable images and PDFs remain clickable and carry file-specific indicators; unsupported binary rows stay muted and non-clickable. - `Escape` on the preview surface returns keyboard focus to the note list, matching the existing image-preview keyboard behavior. diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index 415f4bdb..0d8f00bc 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -37,7 +37,7 @@ "style-src-attr": "'unsafe-inline'", "font-src": "'self' data: https://fonts.gstatic.com", "media-src": "'self' data: blob: https:", - "object-src": "'none'" + "object-src": "'self' asset: http://asset.localhost" }, "assetProtocol": { "enable": true, diff --git a/src/utils/tauriCsp.test.ts b/src/utils/tauriCsp.test.ts index 2aefef22..308084b6 100644 --- a/src/utils/tauriCsp.test.ts +++ b/src/utils/tauriCsp.test.ts @@ -11,4 +11,12 @@ describe('Tauri Content Security Policy', () => { expect(csp['style-src-elem']).toContain('https://fonts.googleapis.com') expect(csp['style-src-attr']).toBe("'unsafe-inline'") }) + + it('allows PDF object previews from scoped Tauri asset URLs', () => { + const config = JSON.parse(readFileSync(`${process.cwd()}/src-tauri/tauri.conf.json`, 'utf8')) + const csp = config.app.security.csp as Record + + expect(csp['object-src']).toContain('asset:') + expect(csp['object-src']).toContain('http://asset.localhost') + }) })