From de38c771fc4d0a9c5073e40719751b0badc6a60f Mon Sep 17 00:00:00 2001 From: tokyo4j Date: Fri, 9 Aug 2024 15:56:26 +0900 Subject: [PATCH] xdg-activation: temporarily disable source surface verification 71451173 validates the xdg-activation token more strictly by verifying the source surface attached to the token. That improves the security by preventing arbitrary focus-stealing. However, not all clients attach a right source surface to the token or use the received token for activation. For example, when a notification client requests thunderbird to activate its window, thunderbird doesn't use the token passed by the notification client and instead use their own token, thus the activation is rejected as the surface attached to the token is not focused. We will add options to configure the policy for activation requests or implement urgency hint in some way in the future and reland the source surface verification. --- src/xdg.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/xdg.c b/src/xdg.c index ad0e19c1..eb106141 100644 --- a/src/xdg.c +++ b/src/xdg.c @@ -785,10 +785,17 @@ xdg_activation_handle_request(struct wl_listener *listener, void *data) return; } - if (!token_data->had_valid_surface) { - wlr_log(WLR_INFO, "Denying focus request, source surface not set"); - return; - } + /* + * TODO: The verification of source surface is temporarily disabled to + * allow activation of some clients (e.g. thunderbird). Reland this + * check when we implement the configuration for activation policy or + * urgency hints. + * + * if (!token_data->had_valid_surface) { + * wlr_log(WLR_INFO, "Denying focus request, source surface not set"); + * return; + * } + */ if (window_rules_get_property(view, "ignoreFocusRequest") == LAB_PROP_TRUE) { wlr_log(WLR_INFO, "Ignoring focus request due to window rule configuration");