New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
open-uri: application URI handlers #1313
base: main
Are you sure you want to change the base?
Conversation
c44ea99
to
3be7a58
Compare
4078d00
to
71d59ad
Compare
86a74a4
to
4806ad1
Compare
Pre-empt the default URI scheme handlers, so that applications may specify scheme, host, port and path patterns. URIs are checked incrementally by part.
4806ad1
to
1833e6f
Compare
When matching URI handlers, prevent sending a link back to the source application. This allows an application to define broad patterns and reject unwanted URIs by explicitly calling `OpenUri()`.
This adds support for deserializing URI handlers from `.desktop` overrides in the user data directory, with the format: ```ini [URI Handler example.com] Scheme=https; Host=example.com;*.example.com; Port=443; Path=/resource/* ```
Add support for reading URI handlers from a proposed addendum to the intents-spec in the form: ```ini [Implements org.freedesktop.UriHandler] Patterns=*.openstreetmap/node/*;*.openstreetmap/way/*; ```
1833e6f
to
11c6af7
Compare
This is a good start. But I think we also need an additional handler for something requesting a specific app to open a deep link and if that app is not installed, prompt to install it. There recently was a security "incident" in Germany, where an app was attacked, due to it only asking for a schema and somebody placed a malicious app, that basically got priority (as oder is not defined by the ios implementation it seems). So the correct way to handle that would have been to use apples universal links https://developer.apple.com/ios/universal-links/ Here's a post about the vulnerability https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1 |
Add support for applications to handle URIs more specifically than just by scheme.
If an application invokes
OpenUri()
with URI it claims to handle, the portal will omit it from the possible handlers and fallback to the browser if there are none.