FR: ssh: open check URL in the right Chrome profile

[bradfitz]

I use a handful of different Chrome profiles for various Google accounts (personal, golang.org, work).

I often have the wrong one in the foreground when I ssh to a Tailscale SSH server and get the check mode prompt.

It'd be nice if the Tailscale agent on my machine could open my browser into the right Chrome profile.

Chrome has a --profile-email flag to do this:

$ /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --profile-email=bradfitz@example.com http://example.com/

For tailnets using Google Auth, know which Google email the user wants to use.

And if they're using Chrome as their default browser, it'd be nice to do the above to open the URL.

From Windows it's easy.

From macOS there might be sandboxy-y reasons it's harder. Maybe there's a way, though? @nickoneill @mihaip?

/cc @maisem @mayakacz

[nickoneill]

Tried out using NSWorkspace.openConfiguration with an argument when doing NSWorkspace.open(url.... It opens the url but it never switches profiles. Then I noticed this in the docs for the arguments property:

If the calling process is sandboxed, the system ignores the value of this property.

Other googling suggests more obscure methods for passing arguments are also blocked by the sandbox. Open to other ideas but I think I'm getting the message Apple is trying to send...

[mayakacz]

I did not know this was an option! This would be great for demos.

[mihaip]

Thought we could maybe use the appleEvent option to send a custom Apple Event to get it to switch profiles, but opening the dictionary in Script Editor shows nothing related to profiles. Based on https://crbug.com/174117 it doesn't look like it'll happen anytime soon.

[valscale]

There are a few open source programs to set rules on which browser to open links in on the Mac. E.g. https://github.com/johnste/finicky

[bradfitz]

Our macOS app's GUI is no longer sandboxed on the macsys (non App Store) builds, so this would now be possible.

/cc @barnstar @agottardo