Bypassing AppProtocol Prompts

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Starting in Edge 82.0.425.0 Canary, a new flag is available.

Edge Canary showing an "Always allow [this website] to open links of this type..." checkbox

This is a good move; a relatively simple innovation that’s sure to help end-user security. If you can’t see what’s different above without following the link through to the original article, here’s the short version: an upcoming version of Edge will allow you to authorise a specific site to open a particular application to handle a link… without having to compromise by choosing either to (a) see the security dialog every single time (which teaches users to “just click OK”) or (b) allow the dialog to be suppressed for links that open a particular application (which makes it easier for bad guys to make poisonous links).

So you’ll be able to, for example, say “slack.com can open Slack for me, but other websites have to ask”. Nice.

I hope that other browser manufacturers follow suit, especially on mobile where the web/web-launched-native-app boundary has never been fuzzier.

Leave a Reply

Your email address will not be published. Required fields are marked *