Lib.rs

GUI
#tauri-plugin #cors #fetch #unofficial

sys tauri-plugin-cors-fetch

Enabling Cross-Origin Resource Sharing (CORS) for Fetch Requests within Tauri applications

by idootop and 2 contributors

15 stable releases (4 major)

new 5.0.0 Jan 21, 2026
4.2.0 Jan 20, 2026
4.1.0 Jun 28, 2025
3.1.0 Dec 22, 2024
1.3.1 Mar 25, 2024

#195 in GUI

Download history 146/week @ 2025-10-02 152/week @ 2025-10-09 312/week @ 2025-10-16 151/week @ 2025-10-23 167/week @ 2025-10-30 138/week @ 2025-11-06 142/week @ 2025-11-13 195/week @ 2025-11-20 309/week @ 2025-11-27 257/week @ 2025-12-04 147/week @ 2025-12-11 177/week @ 2025-12-18 159/week @ 2025-12-25 556/week @ 2026-01-01 461/week @ 2026-01-08 312/week @ 2026-01-15

1,504 downloads per month

MIT license

80KB
756 lines

tauri-plugin-cors-fetch

crates.io Download MIT licensed Documentation

An unofficial Tauri plugin that enables seamless cross-origin (CORS) requests by transparently proxying the native fetch API through Tauri's HTTP client.

Features

  • Zero Code Change: Use standard fetch() as you normally would.
  • Streaming & SSE: Full support for Response Streaming and Server-Sent Events (SSE).
  • Configurable: Granular control over which domains bypass CORS.
  • Multi-platform: Supports Windows, macOS, Linux, iOS, and Android.

Quick Start

1. Install Dependencies

Add the plugin to your Cargo.toml:

# src-tauri
cargo add tauri-plugin-cors-fetch

2. Initialize Plugin

Register the plugin in your Tauri setup:

// src-tauri/src/lib.rs
pub fn run() {
    tauri::Builder::default()
        .plugin(tauri_plugin_cors_fetch::init()) // 👈 here
        .run(tauri::generate_context!())
        .expect("failed to run app");
}

3. Configure Permissions & Settings

Add the required permission to your capability file:

// src-tauri/capabilities/default.json
{
  "permissions": ["cors-fetch:default"]
}

Ensure withGlobalTauri is enabled in tauri.conf.json:

// src-tauri/tauri.conf.json
{
  "app": {
    "withGlobalTauri": true
  }
}

Usage

Once initialized, the plugin automatically hooks into the global fetch. No changes to your frontend code are required:

// This request now bypasses CORS automatically
const response = await fetch("https://api.openai.com");
const data = await response.json();

Configuration

You can fine-tune the behavior via window.CORSFetch.config():

window.CORSFetch.config({
  include: [/^https?:\/\//i], // Patterns to proxy (default: all)
  exclude: ["https://api.openai.com/v1/chat/completions"],
  // Default request options for Tauri HTTP Client
  request: {
    connectTimeout: 30 * 1000, // ms
    maxRedirections: 5,
    proxy: {
      all: "http://127.0.0.1:7890",
    },
    danger: {
      acceptInvalidCerts: false,
      acceptInvalidHostnames: false,
    },
    userAgent: navigator.userAgent,
  },
});

Direct Access APIs

  • window.fetchCORS(url, init): Explicitly use the CORS-bypassing fetch.
  • window.fetchNative(url, init): Use the original browser fetch (subject to CORS).

Limitations

  • Fetch Only: Does not support XMLHttpRequest (XHR).

License

MIT License © 2024-PRESENT Del Wang

Dependencies

~17–71MB
~1M SLoC