Type of installed package (Snap, AppImage, deb, rpm, pacman): development
Bug description
First of all thanks for making this app, it generally works great, but I have run into an issue while developing a plugin:
Opening external URLs from a plugin is blocked.
For an auth flow I need to open a page in the regular browser, but calling window.open( url, '_blank') from the plugin UI HTML does nothing. Anchor elements (<a>) with target="_blank" also seem affected.
The only thing that does work is opening figma.com URLs, which gave me a hint.
I have pinned down the change to this line:
https://github.com/Figma-Linux/figma-linux/blob/dev/src/main/Ui/Tab.ts#L204
Here opening any non-figma URL is prevented.
Disabling the isFigmaUrl check fixes the problem for me, but is maybe naive. I think probably a check should be done to verify that URLs are in the plugin manifest allowedDomains section.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
This section of the Figma plugin development guide describes setting up an OAuth flow using window.open:
https://www.figma.com/plugin-docs/oauth-with-plugins/#authentication-flow
This section describes the allowedDomains part of the plugin manifest, although it doesn't appear to apply to window.open, so I'm not sure if that should be limited at all...
https://www.figma.com/plugin-docs/manifest/#networkaccess
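One way the check suggested in this report could look, as an added example that is not code from figma-linux or from the reporter: instead of dropping the isFigmaUrl gate entirely, the URL a plugin asks to open is parsed and compared against the manifest's networkAccess.allowedDomains. The function names, the sample manifest and the simplified pattern semantics ("none", "*", "host", "*.host", optional scheme prefix) are assumptions.

```javascript
// Added example (not figma-linux code). Assumed, simplified pattern semantics:
// "none", "*", "example.com", "*.example.com", optionally prefixed by a scheme.
const SAFE_SCHEMES = new Set(["http:", "https:"]);

// Split an allowedDomains entry into optional scheme and host; any path is ignored.
function parsePattern(pattern) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/]+)/i.exec(String(pattern).trim());
  if (!m) return null;
  return { scheme: m[1] ? m[1].toLowerCase() + ":" : null, host: m[2].toLowerCase() };
}

// Exact host match, or "*.example.com" matching strict subdomains only.
// Comparing on a label boundary keeps "evilexample.com" from matching.
function hostMatches(host, patternHost) {
  if (patternHost.startsWith("*.")) {
    const suffix = patternHost.slice(1); // ".example.com"
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === patternHost;
}

// Returns true only if rawUrl may be handed to the system browser.
function isAllowedExternalUrl(rawUrl, manifest) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; }   // unparsable: fail closed
  if (!SAFE_SCHEMES.has(url.protocol)) return false;        // no javascript:, file:, ...
  if (url.username || url.password) return false;           // no user@host lookalikes

  const allowed = manifest?.networkAccess?.allowedDomains ?? [];
  if (allowed.includes("none")) return false;
  if (allowed.includes("*")) return true;

  const host = url.hostname.toLowerCase();
  return allowed.some((entry) => {
    const pat = parsePattern(entry);
    if (!pat) return false;
    if (pat.scheme && pat.scheme !== url.protocol) return false;
    return hostMatches(host, pat.host);
  });
}

// Constructed manifest for illustration only.
const sampleManifest = {
  name: "example-plugin",
  networkAccess: { allowedDomains: ["https://auth.example.com", "*.example.org"] },
};
```

Matching on the parsed hostname rather than on the raw string is what keeps hosts such as auth.example.com.evil.test from passing as allowed.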