search

Figma-Linux / figma-linux

Figma is the first interface design tool based in the browser, making it easier for teams to create software. Join us in https://t.me/figma_linux
GNU General Public License v2.0
2.55k stars 155 forks source link

opening external urls from plugins via window.open doesn't work #359

Closed Machiel-B closed 5 months ago

Machiel-B commented 5 months ago

Bug description

First of all thanks for making this app, it generally works great, but I have run into an issue while developing a plugin:

Opening external urls from a plugin is blocked.

For an auth flow I need to open a page in the regular browser, but calling window.open( url, '_blank') from the plugin ui html, does nothing. Anchor elements (<a>) with target="_blank" also seem affected.

The only thing that does work is opening figma.com urls, which gave me a hint.

I have pinned down the change to this line:

https://github.com/Figma-Linux/figma-linux/blob/dev/src/main/Ui/Tab.ts#L204

Here opening any non-figma url is prevented,

Disabling the isFigmaUrl check, fixes the problem for me, but is maybe naive. I think probably a check should be done to verify that urls are in the plugin manifest allowedDomains section.

Screenshots If applicable, add screenshots to help explain your problem.

Additional context

This section of the figma plugin development guide describes setting up an oauth flow using window.open:

https://www.figma.com/plugin-docs/oauth-with-plugins/#authentication-flow

This section describes the allowedDomains part of the plugin manifest, although it doesn't appear to apply to window.open, so I'm not sure if that should be limited at all...

https://www.figma.com/plugin-docs/manifest/#networkaccess

Machiel-B commented 5 months ago

I've added some links to the figma plugin development docs, for reference