Security Permissions Dialog
Version Information
For versions of OpenFin prior to v20, if a desktop owner does not block an application’s use of a secured API, it is permitted. Starting in v20, if the desktop owner (or their delegate) does not explicitly allow a secured API for an application, it is blocked by default.
Versions of OpenFin between v20 and v24 automatically allow secured APIs if the runtime fails to connect to the RVM or if the RVM doesn't exist. Starting in v24, secured APIs are blocked if the RVM cannot be reached (due to messaging failures) or if the RVM doesn't exist (the runtime was launched from the CLI).
Accepting/Rejecting Permissions
- The allow/reject information is stored in the cache.dat file (located in the RVM installation location). This file must be deleted to reset the prompt, forcing it to reappear.
- You can check whether a secured API has been allowed or rejected by using the following API call: System.queryPermissionForCurrentContext. For example, to query the clipboard-read permission, open the devtools and enter the following in the console:
await fin.System.queryPermissionForCurrentContext('webAPIs.clipboard-read').then(result => console.log(result)).catch(err => console.log(err));
- Another way to check whether the permissions have been accepted or rejected is to check the runtime debug.log. If verbose logging (--v=1) has been enabled, the logs should show something like the following (depending on whether the user accepted or rejected):
22-08-25 10:43:16.582 | 29908:25732 | INFO | VERBOSE | SBD: Not in trusted legacy app list. Denied by user.
22-08-25 10:43:16.583 | 29908:25732 | INFO | VERBOSE | User denied permissions from Review Security Permissions prompt
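A start-up check built on the query call above, as an added example that is not OpenFin's own code: it queries several secured APIs and treats anything other than an explicit grant, including a failed query, as blocked. The result fields `granted` and `state`, the stub object, and the API names other than webAPIs.clipboard-read are assumptions.

```javascript
// Added example, not OpenFin code: audit secured APIs and fail closed.
// Assumption: the query result carries `granted` (boolean) and `state` (string).
async function auditPermissions(system, apiNames) {
  const rows = [];
  for (const api of apiNames) {
    try {
      const result = await system.queryPermissionForCurrentContext(api);
      rows.push({
        api,
        // Only an explicit `granted === true` counts as allowed.
        allowed: Boolean(result) && result.granted === true,
        detail: (result && result.state) || 'unknown',
      });
    } catch (err) {
      // A query that fails is treated the same as a blocked API.
      const reason = (err && err.message) || String(err);
      rows.push({ api, allowed: false, detail: `query failed: ${reason}` });
    }
  }
  return rows;
}

// Constructed stand-in for fin.System so the example also runs outside OpenFin.
const stubSystem = {
  async queryPermissionForCurrentContext(api) {
    if (api === 'webAPIs.clipboard-read') {
      return { permission: api, state: 'granted', granted: true };
    }
    if (api === 'System.launchExternalProcess') {
      return { permission: api, state: 'denied', granted: false };
    }
    throw new Error('no response');
  },
};

// Sample list: the first name is from this page, the other two are assumptions.
const SECURED_APIS = [
  'webAPIs.clipboard-read',
  'System.launchExternalProcess',
  'System.downloadAsset',
];

// Inside an OpenFin window `fin` exists; elsewhere fall back to the stub.
const system = typeof fin !== 'undefined' ? fin.System : stubSystem;
auditPermissions(system, SECURED_APIS).then((rows) => {
  for (const row of rows) {
    console.log(`${row.allowed ? 'ALLOW' : 'BLOCK'} ${row.api} (${row.detail})`);
  }
});
```

An application can run this before enabling features that depend on secured APIs and disable any feature whose row is not allowed.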
Suppressing Security Permissions Dialog
- You can set a Global Default Permission via Desktop Owner Settings to suppress the security dialog. An example DOS can be found here: Example DOS