xi-desktop-portals

Simpler specifications for Linux desktop APIs.
git clone https://git.ce9e.org/xi-desktop-portals.git
commit
c96dc742d78baf34600f10679d5fc647d78cced5
parent
c64c0bb698e4410e94f75b26fde0d6f70ef993cf
Author
Tobias Bengfort <tobias.bengfort@posteo.de>
Date
2026-03-14 10:45
[OpenURI] spec

Diffstat

A OpenURI/README.md 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++

1 files changed, 54 insertions, 0 deletions

diff --git a/OpenURI/README.md b/OpenURI/README.md 

@@ -0,0 +1,54 @@
   -1     1 # OpenURI Portal
   -1     2 
   -1     3 The OpenURI portal allows applications to open URIs (e.g. `https://`,
   -1     4 `file://`, or `mailto:`).
   -1     5 
   -1     6 ## Description
   -1     7 
   -1     8 -   To open a URI, an application should
   -1     9     -   connect to the socket at `$XDG_RUNTIME_DIR/xi.portal.OpenURI`
   -1    10     -   send the URI
   -1    11     -   read the response
   -1    12     -   close the connection
   -1    13 -   On success, the response is an empty string.
   -1    14 -   On error, the response is a human-readable error message.
   -1    15 -   `file://` URIs must be interpreted in the mount namespace of the calling
   -1    16     process
   -1    17 
   -1    18 Example usage:
   -1    19 
   -1    20 ```sh
   -1    21 $ printf "https://example.com" | nc -U "$XDG_RUNTIME_DIR/xi.portal.OpenURI"`
   -1    22 ```
   -1    23 
   -1    24 ## Open Questions
   -1    25 
   -1    26 -   How to pass [activation tokens](https://wayland.app/protocols/xdg-activation-v1)?
   -1    27 -   It is not clear how support for `file://` URIs should be implemented. The
   -1    28     namespace is available at `/proc/{pid}/root/`, but that will go away when
   -1    29     the calling process exits.
   -1    30 
   -1    31 ## Compatibility Considerations
   -1    32 
   -1    33 This portal and the corresponding XDG Desktop Portals can coexist without
   -1    34 issue. However, it is not easily possible to implement one on top of the other
   -1    35 because of the very different handling of `file://` URIs.
   -1    36 
   -1    37 ## Security Considerations
   -1    38 
   -1    39 -   Applications might cause Denial of Service by excessive use. The portal
   -1    40     service may implement rate limiting.
   -1    41 -   Applications might exfiltrate data by passing parameters to an
   -1    42     attacker-controlled domain. This is especially relevant if simpler means of
   -1    43     data exfiltration (i.e. network access) is blocked. In those cases, access
   -1    44     to this portal should be blocked as well.
   -1    45 -   Applications might try to open malicious URIs. The portal should refuse to
   -1    46     open potentially dangerous URIs (e.g. executable files).
   -1    47 -   In the case of `file://` URIs, the portal must not leak information (e.g.
   -1    48     PID, host path) in the error message.
   -1    49 
   -1    50 ## Related Links
   -1    51 
   -1    52 -   [org.freedesktop.portal.OpenURI](https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.OpenURI.html)
   -1    53 -   [org.freedesktop.portal.Email](https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Email.html)
   -1    54 -   [RFC 6068 - The 'mailto' URI Scheme](https://www.rfc-editor.org/rfc/rfc6068)