
[bug] Tauri 2.0.1-rc10 on Windows - Refused to execute inline script in isolation mode

Open inzanez opened this issue 1 year ago • 1 comments

Describe the bug

Running the latest RC of Tauri version 2 on Windows with isolation mode active results in an error like:

    Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-16386336672808645265' 'sha256-Ptr6AdEVRnAzjWNLKfOsbSdF0wBZquJ8JC9yowI7oUU=' 'sha256-BimfdWigiGKqCgqYSKsBLTLCR4WMW0TQcnrCL0CsVCM=' 'sha256-Ptr6AdEVRnAzjWNLKfOsbSdF0wBZquJ8JC9yowI7oUU='". Either the 'unsafe-inline' keyword, a hash ('sha256-zTUpprM6DaX+a1WejnBsJRGhqeeHrm1DViGQwA5rHK8='), or a nonce ('nonce-...') is required to enable inline execution.

Somehow that only happens in isolation mode.

Reproduction

https://github.com/inzanez/csp-issue

Expected behavior

No response

Full tauri info output

[✔] Environment
    - OS: Windows 10.0.19045 x86_64 (X64)
    ✔ WebView2: 128.0.2739.67
    ✔ MSVC:
        - Visual Studio Build Tools 2022
        - Visual Studio Professional 2017
    ✔ rustc: 1.80.1 (3f5fd8dd4 2024-08-06)
    ✔ cargo: 1.80.1 (376290515 2024-07-16)
    ✔ rustup: 1.27.1 (54dd3d00f 2024-04-24)
    ✔ Rust toolchain: stable-x86_64-pc-windows-msvc (default)
    - node: 20.17.0
    - npm: 10.8.2

[-] Packages
    - tauri 🦀: 2.0.0-rc.11
    - tauri-build 🦀: 2.0.0-rc.10
    - wry 🦀: 0.43.1
    - tao 🦀: 0.30.0
    - tauri-cli 🦀: 1.6.1
    - @tauri-apps/api : 2.0.0-rc.4
    - @tauri-apps/cli : 2.0.0-rc.13

[-] Plugins
    - tauri-plugin-fs 🦀: 2.0.0-rc.3
    - @tauri-apps/plugin-fs : 2.0.0-rc.2
    - tauri-plugin-shell 🦀: 2.0.0-rc.3
    - @tauri-apps/plugin-shell : 2.0.0-rc.1
    - tauri-plugin-dialog 🦀: 2.0.0-rc.5
    - @tauri-apps/plugin-dialog : 2.0.0-rc.1

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: ../build
    - devUrl: http://localhost:1420/
    - framework: Svelte
    - bundler: Vite

Stack trace

No response

Additional context

No response

inzanez avatar Sep 11 '24 06:09 inzanez

I'm experiencing the same issue. Any workaround?

cardo-podcast avatar Oct 08 '24 16:10 cardo-podcast

Same issue here

keadex avatar Oct 23 '24 16:10 keadex

+1

vangork avatar Oct 24 '24 02:10 vangork

My workaround was replacing the script on the iframe's src by an html file. The html file must contain the entire script inside the

cardo-podcast avatar Oct 25 '24 07:10 cardo-podcast