From 4782c087b4069b502308a5defeb4aaace054907e Mon Sep 17 00:00:00 2001
From: Michael Chihlas
Date: Fri, 8 May 2026 19:13:49 -0400
Subject: [PATCH] feat(security): per-window capabilities, overlay locked down
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed `core:window:allow-set-opacity` from the default capability — that permission identifier doesn't exist in Tauri 2.11.x. Window opacity is exposed only on the Rust side; the JS layer routes through our custom `set_window_opacity` command (added in Task 16).
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 src-tauri/capabilities/default.json | 13 +++++++++++--
 src-tauri/capabilities/overlay.json | 7 +++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 src-tauri/capabilities/overlay.json

diff --git a/src-tauri/capabilities/default.json b/src-tauri/capabilities/default.json
index 4cdbf49..b5a177b 100644
--- a/src-tauri/capabilities/default.json
+++ b/src-tauri/capabilities/default.json
@@ -1,10 +1,19 @@
 {
 "$schema": "../gen/schemas/desktop-schema.json",
 "identifier": "default",
- "description": "Capability for the main window",
+ "description": "Capability for the main control window",
 "windows": ["main"],
 "permissions": [
 "core:default",
- "opener:default"
+ "core:webview:allow-create-webview-window",
+ "core:window:allow-set-always-on-top",
+ "core:window:allow-set-ignore-cursor-events",
+ "core:window:allow-close",
+ "core:window:allow-current-monitor",
+ "opener:default",
+ "store:default",
+ "global-shortcut:allow-register",
+ "global-shortcut:allow-unregister",
+ "global-shortcut:allow-is-registered"
 ]
 }
diff --git a/src-tauri/capabilities/overlay.json b/src-tauri/capabilities/overlay.json
new file mode 100644
index 0000000..a8e3123
--- /dev/null
+++ b/src-tauri/capabilities/overlay.json
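Review bot: In the `permissions` array of `default.json`, `"store:default"` grants the main window the store plugin's whole default command set, while the window and global-shortcut entries next to it are listed one command at a time. If the control window only loads and saves a few settings, individual entries such as `"store:allow-load"`, `"store:allow-get"`, `"store:allow-set"` and `"store:allow-save"` would keep this grant as narrow as the others. `"core:webview:allow-create-webview-window"` also lets any script running in `main` open a window with an arbitrary label and URL, so the main window's CSP and content sources become what the overlay lockdown depends on. If the overlay is the only window ever created (not visible from this patch), creating it on the Rust side would allow that permission to be dropped.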
@@ -0,0 +1,7 @@
+{
+ "$schema": "../gen/schemas/desktop-schema.json",
+ "identifier": "overlay",
+ "description": "Locked-down capability for the overlay window — pages loaded here cannot call Tauri APIs",
+ "windows": ["overlay"],
+ "permissions": []
+}
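Review bot: The `description` string in `overlay.json` promises more than an empty `permissions` array enforces. By Tauri 2's documented default, commands registered through `invoke_handler` are callable from every window unless the app manifest restricts them, and the commit message mentions a custom `set_window_opacity` command. `build.rs` is not part of this patch, so it is worth confirming that app commands are limited there with `AppManifest::commands`; otherwise the overlay may still be able to invoke them. Either way the description could state only what this file guarantees, e.g. `"description": "Overlay window: no core or plugin permissions granted"`.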