Default Browser Not Opening Correctly with `--default-browser` Parameter

[leinardi]

Describe the bug
Since a couple of releases of the GlobalProtect-openconnect CLI client, the default browser is not opening correctly anymore. My default browser is set to Chrome, and in the past, it always worked fine using the parameter --default-browser. However, now it always opens Firefox instead of Chrome.

Expected behavior
When using the GlobalProtect-openconnect CLI client with the --default-browser parameter, I expected my default browser, Chrome, to open automatically, as it did in previous versions.

Screenshots
No screenshots available

Logs

• GUI version: Not applicable.
• CLI version:

sudo gpclient --fix-openssl connect address-redacted.com --default-browser
[2024-08-28T13:10:12Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-08-28T13:10:12Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-08-28T13:10:12Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-08-28T13:10:12Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-08-28T13:10:12Z INFO  gpauth::cli] Fixing OpenSSL environment
[2024-08-28T13:10:12Z INFO  gpapi::process::browser_authenticator] Launching the default browser...
[2024-08-28T13:10:12Z INFO  gpauth::cli] Please continue the authentication process in the default browser
[2024-08-28T13:10:12Z INFO  gpauth::cli] Listening authentication data on port 36877
[2024-08-28T13:10:12Z INFO  gpauth::cli] If it hangs, please check the logs at `/tmp/gpcallback.log` for more information

Environment:

• OS: Ubuntu 22.04.4 LTS
• Desktop Environment: GNOME
• Output of ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep: rleinar+ 4311 0.0 0.0 388896 7372 ? Sl 08:42 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
• Is remote SSH? No

Additional context
This issue started appearing after recent updates to the GlobalProtect-openconnect CLI client. Previously, using the --default-browser parameter correctly opened the default browser set in the system preferences. Probably related to the changes from #360

[yuezk]

Consider using the --browser chrome option to specify the browser you want to use.

On Wed, Aug 28, 2024 at 21:27 Roberto Leinardi @.***> wrote:

Describe the bug Since a couple of releases of the GlobalProtect-openconnect CLI client, the default browser is not opening correctly anymore. My default browser is set to Chrome, and in the past, it always worked fine using the parameter --default-browser. However, now it always opens Firefox instead of Chrome.

Expected behavior When using the GlobalProtect-openconnect CLI client with the --default-browser parameter, I expected my default browser, Chrome, to open automatically, as it did in previous versions.

Screenshots No screenshots available

Logs

• GUI version: Not applicable.
• CLI version:

sudo gpclient --fix-openssl connect address-redacted.com --default-browser [2024-08-28T13:10:12Z INFO gpclient::cli] gpclient started: 2.3.7 (2024-08-16) [2024-08-28T13:10:12Z INFO gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect [2024-08-28T13:10:12Z INFO gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect [2024-08-28T13:10:12Z INFO gpauth::cli] gpauth started: 2.3.7 (2024-08-16) [2024-08-28T13:10:12Z INFO gpauth::cli] Fixing OpenSSL environment [2024-08-28T13:10:12Z INFO gpapi::process::browser_authenticator] Launching the default browser... [2024-08-28T13:10:12Z INFO gpauth::cli] Please continue the authentication process in the default browser [2024-08-28T13:10:12Z INFO gpauth::cli] Listening authentication data on port 36877 [2024-08-28T13:10:12Z INFO gpauth::cli] If it hangs, please check the logs at /tmp/gpcallback.log for more information

Environment:

• OS: Ubuntu 22.04.4 LTS
• Desktop Environment: GNOME
• Output of ps aux | grep 'gnome-keyring|kwalletd5' | grep -v grep: rleinar+ 4311 0.0 0.0 388896 7372 ? Sl 08:42 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
• Is remote SSH? No

Additional context This issue started appearing after recent updates to the GlobalProtect-openconnect CLI client. Previously, using the --default-browser parameter correctly opened the default browser set in the system preferences. Probably related to the changes from #360 https://github.com/yuezk/GlobalProtect-openconnect/issues/360

— Reply to this email directly, view it on GitHub https://github.com/yuezk/GlobalProtect-openconnect/issues/416, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZFCQTQ3YWK7STOFK23VDDZTXF2XAVCNFSM6AAAAABNIJPHZOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGQ4TEMBXHE3DSNI . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[leinardi]

Thanks, I'm already using that workaround, but still it's a issue that --default-browser is not actually starting the default browser, like it used to do before the regression.

[yuezk]

Does --browser default work for you

On Wed, Aug 28, 2024 at 23:08 Roberto Leinardi @.***> wrote:

Thanks, I'm already using that workaround, but still it's a issue that --default-browser is not actually starting the default browser, like it used to do before the regression.

— Reply to this email directly, view it on GitHub https://github.com/yuezk/GlobalProtect-openconnect/issues/416#issuecomment-2315630790, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZFCQR2WNCI63BRTZIAWKTZTXRYDAVCNFSM6AAAAABNIJPHZOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMJVGYZTANZZGA . You are receiving this because you commented.Message ID: @.***>

[leinardi]

Unfortunately not: it behaves exactly like --default-browser

[yuezk]

The default-browser option can still launch the browser, but it is not the default one, right?

Can you finish authentication in the launched browser?

[yuezk]

Hi @leinardi, both the --default-browser and --browser default options work as expected for me on Ubuntu 20.04.6 LTS, GNOME 3.36.8. Do you have other Linux machines to test with?

[leinardi]

Hi @yuezk, I have another installation of Ubuntu 24.04, but I'm also available to do a remote debugging session using TeamViewer or some other remote desktop software if you want to have a look at what's going on on my 22.04.4.

Anyway, I did some more tests and I found out a strange behavior... These 2 commands open Firefox correctly:

sudo -E gpclient --fix-openssl connect redacted-address.com --browser firefox
gpauth redacted-address.com --browser firefox

but if I replace --browser firefox with --browser default or --default-browser Chrome, the default browser, is not open but telegram-desktop is opened instead!

I installed telegram-desktop using snap.

How is --browser default trying to detect the default browser? Probably there is some issue in the detection logic because it worked fine in the previous versions and I had telegram-desktop installed since the beginning.

And I double checked and Chrome is the default browser of the system:

And this is the output of xdg-settings get default-web-browser:

$ xdg-settings get default-web-browser
google-chrome.desktop

and xdg-open http://google.com it correctly opens in Chrome, the default browser, so I really think that there is something faulty in how the GlobalProtect-openconnect is detecting it.

[yuezk]

@leinardi under the hood, it will use xdg-open to launch the browser. https://github.com/Byron/open-rs/blob/c26d98cc66979f153682690201a4748026012224/src/unix.rs#L17-L22

1. Try to run xdg-open https://google.com to see if it can open the default browser.
2. Try to run echo '<h1>hello, world</h1>' > /tmp/test.html && xdg-open /tmp/test.html to see if it can open the default browser.

[leinardi]

Hi @yuezk

1. Try to run xdg-open https://google.com to see if it can open the default browser.

This question was already answered in my previous comment:

and xdg-open http://google.com it correctly opens in Chrome, the default browser, so I really think that there is something faulty in how the GlobalProtect-openconnect is detecting it.

2. Try to run echo '<h1>hello, world</h1>' > /tmp/test.html && xdg-open /tmp/test.html to see if it can open the default browser.

ok this is very strange: xdg-open /tmp/test.html opens telegram but xdg-open http://google.com opens Chrome (the default browser).

It looks like telegram was somehow associated with the .html file extension.

The interesting thing is that the default application associated with it (if I press the "Reset" button) is Firefox and not Chrome:

Unfortunately xdg-open file:///tmp/test.html still opens the MIME type associated with .html and not the default browser.

But sensible-browser /tmp/test.html seems to work (it opens Chrome instead of Firefox), could you maybe evaluate to use sensible-browser when the --default-browser and --browser default options and fallback to xdg-open if sensible-browser is not available (should be preinstalled on all the Debian-based distributions)?

Btw you can find if there is a mismatch between the default browser and the MIME type associated with .html running these commands:

$ xdg-mime query default text/html
firefox.desktop
$ xdg-settings get default-web-browser
google-chrome.desktop

so it would be possible to find a solution that works on every distribution if you run xdg-settings get default-web-browser and extract the default browser from the .desktop file. Something like this perhaps?

#!/bin/bash

# Get the .desktop file for the default web browser
desktop_file=$(xdg-settings get default-web-browser)

# Look for the .desktop file in standard locations
desktop_file_path=$(find /usr/share/applications ~/.local/share/applications -name "$desktop_file" 2>/dev/null | head -n 1)

# Check if the .desktop file was found
if [ -z "$desktop_file_path" ]; then
    echo "Error: Could not find the .desktop file for the default web browser."
    exit 1
fi

# Extract the Exec line, which typically starts with "Exec="
exec_line=$(grep -i '^Exec=' "$desktop_file_path" | head -n 1)

# Remove the "Exec=" prefix and take only the first word (the binary path)
browser_binary=$(echo "$exec_line" | sed 's/^Exec=//' | awk '{print $1}' | sed 's/\"//g')

# Check if the binary path is found
if [ -z "$browser_binary" ]; then
    echo "Error: Could not extract the browser binary path."
    exit 1
fi

# Output the path to the binary
echo $browser_binary

[yuezk]

@leinardi thanks for sharing this! I will fix it. BTW, do you have the $BROWSER environment variable on your system?

[leinardi]

@yuezk nope, it is not set: $ env | grep BROWSER returns nothing and echo $BROWSER returns an empty string.

[yuezk]

Yes, the default browser detection can be enhanced. I will fix it in the next release.