xdg-activation: add options to make it more strict #2527
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These allow: - reject requests without a view supplied - only allow activating with the last issued token Both are disabled by default. Also added an option to control the timeout used by wlroots for invalidating tokens.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds three options to configure xdg-activation and allow more strict behavior. These include:
Currently, wlroots already rejects token creation if the client supplied a wl_surface which is not focused. However, if there is no surface, creating a token always succeeds, basically allowing any app to focus itself (e.g. using
gtk_window_present()which falls back to self-generated tokens with no surface if none is available in the environment). This can be a good thing e.g. when interacting with already running apps from the terminal, but can lead to unexpected focus changes as well. With this PR, this behavior can be changed according to individual preferences.A small test program is here: https://github.com/dkondor/xdg_activation_test -- it is a case of a parent passing tokens to a child process. Without this PR, all three cases in it always work. With the new, restrictive options enabled, only the first case works.
Note that this still does not do full focus stealing prevention, for that, we would need to keep track if the surface that requested the token loses focus. I would consider looking into that next if there is interest.
If this gets merged, I'm happy to add some notes to the Wiki on the options (and also on xdg-activation more generally).