blob: c5880225aca6338265075b25a5469d75ee16f776 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
## Permissions
<!-- TODO(lucacasonato): what are permissions -->
<!-- TODO(lucacasonato): description of all permissions -->
### Permissions whitelist
Deno also allows you to control the granularity of permissions with whitelists.
This example restricts file system access by whitelisting only the `/usr`
directory:
```shell
$ deno run --allow-read=/usr https://deno.land/std/examples/cat.ts /etc/passwd
error: Uncaught PermissionDenied: read access to "/etc/passwd", run again with the --allow-read flag
► $deno$/dispatch_json.ts:40:11
at DenoError ($deno$/errors.ts:20:5)
...
```
Try it out again with the correct permissions by whitelisting `/etc` instead:
```shell
$ deno run --allow-read=/etc https://deno.land/std/examples/cat.ts /etc/passwd
```
`--allow-write` works the same as `--allow-read`.
### Network access:
_fetch.ts_:
```ts
const result = await fetch("https://deno.land/");
```
This is an example on how to whitelist hosts/urls:
```shell
$ deno run --allow-net=github.com,deno.land fetch.ts
```
Allow net calls to any host/url:
```shell
$ deno run --allow-net fetch.ts
```
|
