feat: add --root-certificate-path option for mobile dev (#13358)

lucasfernog · FabianLars · web-flow · commit d6d5f3707768 · 2025-08-16T09:13:10.000-03:00
* feat: add `--root-certificate-path` option for mobile dev lets you use a HTTPS development server example usage: ``` cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/mobile-dev-cert cargo tauri android dev --open --root-certificate-path "/Users/lucas/Library/Application Support/mkcert/rootCA.pem" --features tauri/rustls-tls ``` * Apply suggestions from code review Co-authored-by: Fabian-Lars <github@fabianlars.de> --------- Co-authored-by: Fabian-Lars <github@fabianlars.de>
diff --git a/.changes/load-cert-mobile.md b/.changes/load-cert-mobile.md
@@ -0,0 +1,5 @@
+---
+"tauri": minor:feat
+---
+
+Load root certificate from CLI-set environment variable and use it on the mobile dev server proxy.
diff --git a/.changes/mobile-dev-root-cert.md b/.changes/mobile-dev-root-cert.md
@@ -0,0 +1,6 @@
+---
+"tauri-cli": minor:feat
+"@tauri-apps/cli": minor:feat
+---
+
+Added `--root-certificate-path` option to `android dev` and `ios dev` to be able to connect to HTTPS dev servers.
diff --git a/crates/tauri-cli/src/mobile/android/dev.rs b/crates/tauri-cli/src/mobile/android/dev.rs
@@ -104,6 +104,9 @@ pub struct Options {
   /// e.g. `tauri android dev -- [runnerArgs]`.
   #[clap(last(true))]
   pub args: Vec<String>,
+  /// Path to the certificate file used by your dev server. Required for mobile dev when using HTTPS.
+  #[clap(long, env = "TAURI_DEV_ROOT_CERTIFICATE_PATH")]
+  pub root_certificate_path: Option<PathBuf>,
 }
 
 impl From<Options> for DevOptions {
@@ -138,6 +141,13 @@ pub fn command(options: Options, noise_level: NoiseLevel) -> Result<()> {
 
 fn run_command(options: Options, noise_level: NoiseLevel) -> Result<()> {
   delete_codegen_vars();
+  // setup env additions before calling env()
+  if let Some(root_certificate_path) = &options.root_certificate_path {
+    std::env::set_var(
+      "TAURI_DEV_ROOT_CERTIFICATE",
+      std::fs::read_to_string(root_certificate_path).context("failed to read certificate file")?,
+    );
+  }
 
   let tauri_config = get_tauri_config(
     tauri_utils::platform::Target::Android,
diff --git a/crates/tauri-cli/src/mobile/ios/dev.rs b/crates/tauri-cli/src/mobile/ios/dev.rs
@@ -109,6 +109,9 @@ pub struct Options {
   /// e.g. `tauri ios dev -- [runnerArgs]`.
   #[clap(last(true))]
   pub args: Vec<String>,
+  /// Path to the certificate file used by your dev server. Required for mobile dev when using HTTPS.
+  #[clap(long, env = "TAURI_DEV_ROOT_CERTIFICATE_PATH")]
+  pub root_certificate_path: Option<PathBuf>,
 }
 
 impl From<Options> for DevOptions {
@@ -142,6 +145,14 @@ pub fn command(options: Options, noise_level: NoiseLevel) -> Result<()> {
 }
 
 fn run_command(options: Options, noise_level: NoiseLevel) -> Result<()> {
+  // setup env additions before calling env()
+  if let Some(root_certificate_path) = &options.root_certificate_path {
+    std::env::set_var(
+      "TAURI_DEV_ROOT_CERTIFICATE",
+      std::fs::read_to_string(root_certificate_path).context("failed to read certificate file")?,
+    );
+  }
+
   let env = env()?;
   let device = if options.open {
     None
diff --git a/crates/tauri/src/protocol/tauri.rs b/crates/tauri/src/protocol/tauri.rs
@@ -114,7 +114,42 @@ fn get_response<R: Runtime>(
       decoded_path.trim_start_matches('/')
     );
 
-    let mut proxy_builder = reqwest::ClientBuilder::new()
+    let mut client = reqwest::ClientBuilder::new();
+
+    if url.starts_with("https://") {
+      // we can't load env vars at runtime, gotta embed them in the lib
+      if let Some(cert_pem) = option_env!("TAURI_DEV_ROOT_CERTIFICATE") {
+        #[cfg(any(
+          feature = "native-tls",
+          feature = "native-tls-vendored",
+          feature = "rustls-tls"
+        ))]
+        {
+          log::info!("adding dev server root certificate");
+          client = client.add_root_certificate(
+            reqwest::Certificate::from_pem(cert_pem.as_bytes())
+              .expect("failed to parse TAURI_DEV_ROOT_CERTIFICATE"),
+          );
+        }
+
+        #[cfg(not(any(
+          feature = "native-tls",
+          feature = "native-tls-vendored",
+          feature = "rustls-tls"
+        )))]
+        {
+          log::warn!(
+            "the dev root-certificate-path option was provided, but you must enable one of the following Tauri features in Cargo.toml: native-tls, native-tls-vendored, rustls-tls"
+          );
+        }
+      } else {
+        log::warn!(
+          "loading HTTPS URL; you might need to provide a certificate via the `dev --root-certificate-path` option. You must enable one of the following Tauri features in Cargo.toml: native-tls, native-tls-vendored, rustls-tls"
+        );
+      }
+    }
+
+    let mut proxy_builder = client
       .build()
       .unwrap()
       .request(request.method().clone(), &url);

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"tauri": minor:feat
 +---
++
 +Load root certificate from CLI-set environment variable and use it on the mobile dev server proxy.