Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[docs] Mandatory com.apple.security.network.client Entitlement for macOS Sandboxed Apps #3171

Open
kanghohyeong opened this issue Feb 16, 2025 · 5 comments
Open

[docs] Mandatory com.apple.security.network.client Entitlement for macOS Sandboxed Apps #3171

kanghohyeong opened this issue Feb 16, 2025 · 5 comments
Labels
discuss Does this require further discussion before it's dealt with? enhancement Does it add or improve content?

Comments

@kanghohyeong
Copy link

When sandboxing and bundling a macOS app, it is necessary to include the following entitlement:

<key>com.apple.security.network.client</key>
<true/>

Without this, the app fails to function correctly.(white screen) While I am not entirely sure whether this requirement is due to Tauri’s backend-frontend communication architecture or the use of a WebView, I would greatly appreciate any insights on this.

Debugging and resolving this issue was extremely time-consuming and frustrating. I believe it would be beneficial to document this properly to help others facing the same problem.

Thank you!
@FabianLars
Copy link
Member

Can you double check that with a fresh create-tauri-app project? Pretty sure I've seen a few sandboxed apps without that entitlement.

@FabianLars FabianLars transferred this issue from tauri-apps/tauri Feb 16, 2025
@FabianLars FabianLars added enhancement Does it add or improve content? discuss Does this require further discussion before it's dealt with? labels Feb 16, 2025
@kanghohyeong
Copy link
Author

@FabianLars Hello! To debug this issue, I created a new project using the command npm create tauri-app@latest for testing.
Without writing any code, I only added the entitlement and performed code signing. The application behaved exactly the same as the issue I encountered—showing only a white screen and not running properly.

After adding network.client, it worked properly.

@kanghohyeong
Copy link
Author

Here is my build command
npm run tauri build -- --no-bundle
npm run tauri bundle -- --bundles app

@kanghohyeong
Copy link
Author

I think this thread is probably relevant.
I have also found a few suspicious logs.

결함	00:39:54.542584+0900	com.apple.WebKit.WebContent	Application does not have permission to communicate with network resources. rc=1 : errno=22
오류	00:39:54.556529+0900	entitlement-test	0x12001cc40 - [PID=0] WebProcessProxy::didFinishLaunching: Invalid connection identifier (web process failed to launch)
오류	00:39:54.556684+0900	entitlement-test	0x12001cc40 - [PID=0] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash

@FabianLars
Copy link
Member

I've found the source code of the app that worked without it but I can't retest it anymore due to missing access.

Anyway, doesn't matter, it was probably some weird fluke.

I appreciate the research you have done here :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss Does this require further discussion before it's dealt with? enhancement Does it add or improve content?
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FabianLars @kanghohyeong