Origin-Scoped Directory Access #21

Closed
inexorabletash opened this issue Aug 2, 2018 · 2 comments

Comments

@inexorabletash
Member

Forking off from #14

@AshleyScirra suggested:

There might be an opportunity for a hybrid approach: if there's a sandboxed filesystem, but the user can choose which folder that is on their device, then they could do something like create a new folder for a web app, then move any files they want the web app to see there. This provides at least some way for users to integrate with the OS file system, while preventing any wider access. IIRC, the filesystem API that Chrome had didn't directly expose the actual files anywhere that normal users might find them.

...

Yes, if the browser creates a folder for the user somewhere, and all file system access is scoped to just that folder, then that gives you a basic level of file system interop without ever letting web apps see anything else on the file system. Existing files can only be exposed if the user explicitly moves files to that folder.

@mkruisselbrink clarifies:

I.e. one particular folder on the filesystem created by the browser for this particular origin (and only this origin) to access. Requiring the user to move files into/out of that folder to achieve interop with other apps.

This may be conceptually equivalent to a "choose directory" action where the user selects "New Folder", but if this were the default it has the interesting security/privacy properties:

  • Sites only get access to data that the user explicitly moves into the folder
  • No cross-origin sharing without explicit user action (moving files between folders)

... but unlike previous "sandboxed" FS proposals the files do exist on the native file system under the user's control, so interop between web apps is possible.

@ddumont

ddumont commented Aug 22, 2019

This would work great for my use-case #14 (comment)

As long as it doesn't burden the user with tons of prompts to save files in that directory.

@mkruisselbrink
Contributor

Closing this for now. I think between the sandboxed/origin private file system we have defined and a hypothetical "directory download" API (#29), we have most use cases covered.
