Move xdg-native-messaging-proxy under Flatpak project

Jan Grulich jgrulich at redhat.com
Mon Apr 14 17:03:42 UTC 2025 

st 9. 4. 2025 v 20:10 odesílatel Georges Basile Stavracas Neto <
georges.stavracas at gmail.com> napsal:

> Thanks for the email
>
> Concretely, moving the project to under https://github.com/flatpak/ is
> not any sort
> of technical challenge - just needs someone with elevated permissions to
> do it.
>
> The interesting question is if there's enough consensus on the whole
> approach.
> Personally, I agree that something like xdg-native-messaging-proxy is
> better off
> living in a separate service, given we have extensive knowledge on the
> issues
> and design mishaps of the whole thing.
>
> What I'd like to know is if Firefox folks would be open to changing their
> patches
> slightly to it.
>

There is discussion about this topic in this Firefox upstream ticket:
https://bugzilla.mozilla.org/show_bug.cgi?id=1955255


> Does anybody else have thoughts on this?
>
> With respect,
> Georges
>
> Em ter., 8 de abr. de 2025 às 12:48, Jan Grulich <jgrulich at redhat.com>
> escreveu:
>
>> Hi,
>>
>> It’s been three years since the first pull request was made to add a
>> portal for WebExtensions
>> <https://github.com/flatpak/xdg-desktop-portal/pull/705> to
>> xdg-desktop-portal. This version of the portal has been added to Ubuntu
>> packages, but it has never been part of any xdg-desktop-portal release.
>> Recently, there were attempts to push this portal forward, so a new pull
>> request was opened
>> <https://github.com/flatpak/xdg-desktop-portal/pull/1537>, keeping the
>> same portal API, just the code was rebased and updated with some additional
>> fixes, but ended up in the same situation → not being MERGED. This sparked
>> some discussion about whether such a portal should be part of
>> xdg-desktop-portal at all. Sebastian Wick <sewick at redhat.com> had the
>> idea to create a separate small service and called it
>> xdg-native-messaging-proxy
>> <https://github.com/swick/xdg-native-messaging-proxy>. This service
>> takes the core of the original portal for WebExtensions, but exposes it on
>> a bus address which only is accessible to sandboxed apps if they declare
>> talk permission via their manifest and thus get marked as potentially
>> unsafe. This addresses the concerns that the xdg-desktop-portal APIs are
>> supposed to be secure for sandboxed applications.
>>
>> It seems the consensus is to go with the separate
>> xdg-native-messaging-proxy service, and the original portal will never
>> officially be part of xdg-desktop-portal, so I would like to propose moving
>> xdg-native-messaging-proxy under the flatpak project. The reason for this
>> is that I would like to make this the "official" solution, and having it as
>> someone else's project won't get applications to start adopting it. Also an
>> official Flatpak project will likely get more contributors, reviews and
>> bugs. We're also stuck with the adoption of the xdg-native-messaging-proxy
>> on the Firefox side, where unfortunately the original portal support was
>> merged in <https://phabricator.services.mozilla.com/D140803>, although
>> it was never anything official and is unlikely to be changed and reviewed
>> until we get a clear upstream decision.
>>
>> What are your thoughts on this proposal? What would be the necessary
>> steps if we decide to move forward with integrating xdg-native-messaging
>> into the Flatpak project?
>>
>> Regards,
>>
>> Jan Grulich
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20250414/6e5fce72/attachment.htm>

More information about the Flatpak mailing list