New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFE] Return true when the system provides handler for specific scheme #330
Comments
So the question here is if firefox should try to use the portal for schemes that it otherwise supports by itself? Or is the question if firefox should never use the portal, even if it does not support the scheme itself? |
|
The request is just not very clear to me. "Ask if localhost:1234 is supported and if not "open as http:" - this does not sound like url handling to me at all - localhost: is really not a protocol that some application could speak, The things that the OpenURI portal is meant to handle are:
Anything else, like exotic schemes that people like to invent, local socket names, etc, really |
The In flatpak we've tried to be overoptimistic by expecting that all schemes are supported by the flatpak portal, showing the "Use the system handler" (as we do for the file mimetypes) and then we've forwarded the opening of the url to the portal. This basically has been working but obviously not for the unsupported schemes. So having a portal to which we can send a SystemDoYouHaveAppForThisScheme('scheme') and receive true/false would be really helpful there. Otherwise there won't be a support passing these urls to the system handlers. |
+1 recent firefox flatpak update breaks any "x-scheme-handler" - see https://bugzilla.mozilla.org/show_bug.cgi?id=1688966 |
more simply, @xhorak is wanting xdg-open to fail if the system does not have any handler |
If I was in security, I would say that is an information leak that helps the potential attacker. Turning things around, for every uri that firefox can support internally, firefox could just tell the mime system that it supports this scheme / mime-type, and then firefox would show up as one of the apps in the app chooser that is presented when you call the OpenURI portal. So if the user wants firefox to handle the url, it can just pick it in the dialog. There might be some argument for recognizing the case where the app that made the OpenURI call gets picked to handle the uri, and return some 'handle it yourself' value. |
The information leak / fingerprinting angle here reminds me of this discussion: flatpak/flatpak#4311 |
Like the app is trying to query as much as possible of the uri scheme handlers to create fingerprint? Possible, but there can be more reliable ways to get that info, thanks @jokeyrhyme for the link.
This is unfortunatelly not possible, if user type something like
Also I'm afraid that what the @violetmage suggests, that:
won't help us there, because for security reasons the Firefox first ask user if he really wants to open the uri in the system application. It does not show the dialog for unsupported uri schemes, it tries to open it or use it as search query. We simply don't want to show the uri dialog for unsupported system uri schemes under flatpak. |
We have a support for specific url scheme, like: magnet:, tg:, etc. see: https://en.wikipedia.org/wiki/List_of_URI_schemes in the system. The problem is that the application have no clue if the scheme is supported by the system.
For the Firefox it means that we expect that every scheme is supported by the system (as a workaround) and we use gtk_show_uri to pass that to the system. But imagine URL like
localhost:1234
, normally under non-flatpak environment the Firefox first ask system if it has handler for thelocalhost
scheme and if not, it proceed to the opening the page as http, but since we declare that system actually has handler forlocalhost:
scheme the page is never opened in the Firefox.The text was updated successfully, but these errors were encountered: