From 8e1ae08c69848a65a3deb3b03661a92d888e42ce Mon Sep 17 00:00:00 2001
From: FabianLars
Date: Sat, 8 Jun 2024 13:51:31 +0200
Subject: [PATCH] docs(http): Replace allowlist scope with capability scope
---
 plugins/http/guest-js/index.ts | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/plugins/http/guest-js/index.ts b/plugins/http/guest-js/index.ts
index 047252a5..788e544e 100644
--- a/plugins/http/guest-js/index.ts
+++ b/plugins/http/guest-js/index.ts
@@ -7,16 +7,18 @@
 *
 * ## Security
 *
- * This API has a scope configuration that forces you to restrict the URLs and paths that can be accessed using glob patterns.
+ * This API has a scope configuration that forces you to restrict the URLs that can be accessed using glob patterns.
 *
- * For instance, this scope configuration only allows making HTTP requests to the GitHub API for the `tauri-apps` organization:
+ * For instance, this scope configuration only allows making HTTP requests to all subdomains for `tauri.app` except for `https://private.tauri.app`:
 * ```json
 * {
- * "plugins": {
- * "http": {
- * "scope": ["https://api.github.com/repos/tauri-apps/*"]
+ * "permissions": [
+ * {
+ * "identifier": "http:default",
+ * "allow": [{ "url": "https://*.tauri.app" }],
+ * "deny": [{ "url": "https://private.tauri.app" }]
 * }
- * }
+ * ]
 * }
 * ```
 * Trying to execute any API with a URL not configured on the scope results in a promise rejection due to denied access.
@@ -100,7 +102,7 @@ export interface ClientOptions {
 */
 export async function fetch(
 input: URL | Request | string,
- init?: RequestInit & ClientOptions,
+ init?: RequestInit & ClientOptions
 ): Promise {
 const maxRedirections = init?.maxRedirections;
 const connectTimeout = init?.connectTimeout;
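Review bot: The new Security example in the module doc comment (first hunk) lists an `allow` and a `deny` entry that overlap, since `https://private.tauri.app` also matches `https://*.tauri.app`, but the comment never says which rule wins. As I understand the scope model, deny entries override allow entries, so I would add a line after the JSON block such as ` * Deny entries take precedence over allow entries, so a URL that matches both is rejected.` The introductory sentence also does not say that the `permissions` array belongs in a capability file; adding `(in a capability file)` there would tell readers where to put it. It is worth confirming whether `https://*.tauri.app` is meant to cover the apex domain and arbitrary paths, because the sentence only promises "all subdomains". The doc comment starts above this hunk and continues below it.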
@@ -148,7 +150,7 @@ export async function fetch(
 // we need to ensure we have all header values as strings
 // eslint-disable-next-line
 typeof val === "string" ? val : (val as any).toString(),
- ],
+ ]
 );
 const rid = await invoke("plugin:http|fetch", {
@@ -191,7 +193,7 @@ export async function fetch(
 "plugin:http|fetch_read_body",
 {
 rid: responseRid,
- },
+ }
 );
 const res = new Response(
@@ -204,7 +206,7 @@ export async function fetch(
 headers: responseHeaders,
 status,
 statusText,
- },
+ }
 );
 // url is read only but seems like we can do this