open-uri: application URI handlers #1313
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andyholmes
force-pushed
the
andyholmes/uri-handling
branch
4 times, most recently
from
c44ea99
to
3be7a58
Compare
andyholmes
force-pushed
the
andyholmes/uri-handling
branch
3 times, most recently
from
4078d00
to
71d59ad
Compare
andyholmes
changed the title
andyholmes
force-pushed
the
andyholmes/uri-handling
branch
2 times, most recently
from
86a74a4
to
4806ad1
Compare
Pre-empt the default URI scheme handlers, so that applications may specify scheme, host, port and path patterns. URIs are checked incrementally by part.
andyholmes
force-pushed
the
andyholmes/uri-handling
branch
from
4806ad1
to
1833e6f
Compare
When matching URI handlers, prevent sending a link back to the source application. This allows an application to define broad patterns and reject unwanted URIs by explicitly calling `OpenUri()`.
This adds support for deserializing URI handlers from `.desktop` overrides in the user data directory, with the format: ```ini [URI Handler example.com] Scheme=https; Host=example.com;*.example.com; Port=443; Path=/resource/* ```
Add support for reading URI handlers from a proposed addendum to the intents-spec in the form: ```ini [Implements org.freedesktop.UriHandler] Patterns=*.openstreetmap/node/*;*.openstreetmap/way/*; ```
andyholmes
force-pushed
the
andyholmes/uri-handling
branch
from
1833e6f
to
11c6af7
Compare
|
This is a good start. But I think we also need an additional handler for something requesting a specific app to open a deep link and if that app is not installed, prompt to install it. There recently was a security "incident" in Germany, where an app was attacked, due to it only asking for a schema and somebody placed a malicious app, that basically got priority (as oder is not defined by the ios implementation it seems). So the correct way to handle that would have been to use apples universal links https://developer.apple.com/ios/universal-links/ Here's a post about the vulnerability https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for applications to handle URIs more specifically than just by scheme.
If an application invokes
OpenUri()with URI it claims to handle, the portal will omit it from the possible handlers and fallback to the browser if there are none.