Improper Tauri Security Configuration

Type: Weakness

Status: open

Reporting Date: 2023.04.04

The application is missing a Content Security Policy, which would add a defense-in-depth layer against adversaries.


The Tauri security configuration is not properly set up, as the Content Security Policy is not configured.

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. [1]

We observed the following configuration:

  "security": {
    "csp": null
  }

We could not observe a CSP defined or set with a bundler or other frameworks in use.

A helpful website to improve, define and learn about the CSP is


The csp value was not defined, which allows adversaries to directly exploit any vulnerabilities they find. This is a weakness, and its impact depends on the vulnerabilities abused in the attack scenario.


  • Enable the CSP
  • Harden the CSP as much as possible
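
To support both recommendations, here is an added example (not part of the original report, and not Tauri's own code): a small Node.js check that flags the observed "csp": null and a few common weak directives. The location of the "security" object under "tauri" or "app", the acceptance of a directive map, and the finding labels are assumptions; the sample configurations are constructed.

```javascript
// Added example: audit the "security.csp" value of a Tauri config.
// Assumption: the "security" object sits under "tauri", under "app",
// or at the top level, as in the excerpt shown in this finding.
function findCsp(config) {
  const sec = config?.tauri?.security ?? config?.app?.security ?? config?.security;
  return sec ? sec.csp : undefined;
}

// Turn a CSP string (or, as an assumption, a directive -> sources map) into a Map.
function parseCsp(csp) {
  const directives = new Map();
  const entries = typeof csp === "string"
    ? csp.split(";").map((d) => d.trim().split(/\s+/)).filter((t) => t[0])
         .map(([name, ...sources]) => [name, sources])
    : Object.entries(csp).map(([name, src]) =>
        [name, Array.isArray(src) ? src : String(src).split(/\s+/)]);
  for (const [name, sources] of entries) {
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, sources); // duplicates are ignored, first wins
  }
  return directives;
}

function auditTauriCsp(config) {
  const csp = findCsp(config);
  if (csp === null || csp === undefined || csp === "") return ["csp-not-set"];
  const d = parseCsp(csp);
  const findings = [];
  if (!d.has("default-src")) findings.push("no-default-src");
  // Script loading falls back to default-src when script-src is absent.
  const script = d.get("script-src") ?? d.get("default-src") ?? [];
  for (const kw of ["'unsafe-inline'", "'unsafe-eval'"]) {
    if (script.includes(kw)) findings.push(`scripts allow ${kw}`);
  }
  for (const [name, sources] of d) {
    if (sources.includes("*")) findings.push(`${name} allows *`);
  }
  return findings;
}

// Constructed sample inputs (not taken from the audited application).
const observed = JSON.parse('{"tauri": {"security": {"csp": null}}}');
const weak = { tauri: { security: { csp: "default-src *; script-src 'self' 'unsafe-inline'" } } };
const hardened = { tauri: { security: { csp: "default-src 'self'; script-src 'self'; object-src 'none'" } } };
for (const [label, cfg] of Object.entries({ observed, weak, hardened })) {
  console.log(label, auditTauriCsp(cfg));
}
```

An empty result only means none of these specific checks fired; the policy still needs review against what the application actually loads.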