Saltearse al contenido
Tauri
Guides References Blog Releases

Capability

Esta página aún no está disponible en tu idioma.

A grouping and boundary mechanism developers can use to isolate access to the IPC layer.

It controls application windows’ and webviews’ fine grained access to the Tauri core, application, or plugin commands. If a webview or its window is not matching any capability then it has no access to the IPC layer at all.

This can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. main-window) or glob patterns like * or admin-*. A Window can have none, one, or multiple associated capabilities.

Example

Section titled “Example”
{
  "identifier": "main-user-files-write",
  "description": "This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programmatic access to files selected by the user.",
  "windows": [
    "main"
  ],
  "permissions": [
    "core:default",
    "dialog:open",
    {
      "identifier": "fs:allow-write-text-file",
      "allow": [{ "path": "$HOME/test.txt" }]
    },
  ],
  "platforms": ["macOS","windows"]
}

Object Properties:

  • description
  • identifier (required)
  • local
  • permissions (required)
  • platforms
  • remote
  • webviews
  • windows

description

Section titled “description”

string

Description of what the capability is intended to allow on associated windows.

It should contain a description of what the grouped permissions should allow.

Example

Section titled “Example”

This capability allows the main window access to filesystem write related commands and dialog commands to enable programmatic access to files selected by the user.

identifier

Section titled “identifier”

string

Identifier of the capability.

Example

Section titled “Example”

main-user-files-write

local

Section titled “local”

boolean

Whether this capability is enabled for local app URLs or not. Defaults to true.

Default: true

permissions

Section titled “permissions”

PermissionEntry[] each item must be unique

List of permissions attached to this capability.

Must include the plugin name as prefix in the form of ${plugin-name}:${permission-name}. For commands directly implemented in the application itself only ${permission-name} is required.

Example

Section titled “Example”
[
  "core:default",
  "shell:allow-open",
  "dialog:open",
  {
    "identifier": "fs:allow-write-text-file",
    "allow": [{ "path": "$HOME/test.txt" }]
  }
]

platforms

Section titled “platforms”

Target[] | null

Limit which target platforms this capability applies to.

By default all platforms are targeted.

Example

Section titled “Example”

["macOS","windows"]

remote

Section titled “remote”

CapabilityRemote | null

Configure remote URLs that can use the capability permissions.

This setting is optional and defaults to not being set, as our default use case is that the content is served from our local application.

Example

Section titled “Example”
{
  "urls": ["https://*.mydomain.dev"]
}

webviews

Section titled “webviews”

string[]

List of webviews that are affected by this capability. Can be a glob pattern.

The capability will be enabled on all the webviews whose label matches any of the patterns in this list, regardless of whether the webview’s window label matches a pattern in [Self::windows].

Example

Section titled “Example”

["sub-webview-one", "sub-webview-two"]

windows

Section titled “windows”

string[]

List of windows that are affected by this capability. Can be a glob pattern.

If a window label matches any of the patterns in this list, the capability will be enabled on all the webviews of that window, regardless of the value of [Self::webviews].

On multiwebview windows, prefer specifying [Self::webviews] and omitting [Self::windows] for a fine grained access control.

Example

Section titled “Example”

["main"]

Definitions

Section titled “Definitions”

CapabilityRemote

Section titled “CapabilityRemote”

Configuration for remote URLs that are associated with the capability.

Object Properties:

  • urls (required)
urls
Section titled “urls”

string[]

Remote domains this capability refers to using the URLPattern standard.

Examples
Section titled “Examples”
  • “https://*.mydomain.dev”: allows subdomains of mydomain.dev
  • https://mydomain.dev/api/*”: allows any subpath of mydomain.dev/api

Identifier

Section titled “Identifier”

string

Number

Section titled “Number”

Any of the following:

  • integer formatted as int64 Represents an [i64].
  • number formatted as double Represents a [f64].

A valid ACL number.

PermissionEntry

Section titled “PermissionEntry”

Any of the following:

  • Identifier Reference a permission or permission set by identifier.
  • Reference a permission or permission set by identifier and extends its scope. Object Properties: - allow - deny - identifier (required) ##### allow Value[] | null Data that defines what is allowed by the scope. ##### deny Value[] | null Data that defines what is denied by the scope. This should be prioritized by validation logic. ##### identifier Identifier Identifier of the permission or permission set.

An entry for a permission value in a [Capability] can be either a raw permission [Identifier] or an object that references a permission and extends its scope.

Target

Section titled “Target”

One of the following:

  • "macOS" MacOS.
  • "windows" Windows.
  • "linux" Linux.
  • "android" Android.
  • "iOS" iOS.

Platform target.

Value

Section titled “Value”

Any of the following:

  • null Represents a null JSON value.
  • boolean Represents a [bool].
  • Number Represents a valid ACL [Number].
  • string Represents a [String].
  • Value[] Represents a list of other [Value]s.
  • Represents a map of [String] keys to [Value]s. Allows additional properties: Value

All supported ACL values.

© 2025 Tauri Contributors. CC-BY / MIT