Connecting JabRef Portable to sandboxed web browser

Help
1

JabRef 5.9, Linux Portable, out of any sandboxes
Linux Manjaro 23.0.0
Jabref-extension in Vivaldi, latter one as Linux native package, not sandboxed
Jabref-extension in Firefox, and Chromium both sandboxed (Snap)

Those browsers here sandboxed in snap app don’t get connected to JabRef-app. Not sandboxed Vivaldi connects to JabRef app with no problems.
First idea was confinement of browser snap app to be forming a barrier for JabRef to browser connection, however no apparmor=“DENIED” logs related to web-browsers in use and at time period corresponding to test were found in journal log (systemd).

  • How to troubleshot further?

  • Is it true

for file org.jabref.jabref.json to be placed in file tree sub-folder named native-messaging-hosts in Mozilla Firefox case while for Chromium/Chrome and all its derivatives the sub-folder name needs to be NativeMessagingHosts if the configuration is desired to be valid only for selected user account?

  • Is native messaging host interface an implementation of JabRef-team?
[user@pc230]$ tree --filelimit=6 /opt/jabref-5.9/
/opt/jabref-5.9/
├── bin
│   └── JabRef
└── lib
    ├── app
    │   └── JabRef.cfg
    ├── jabrefHost.py
    ├── JabRef.png
    ├── libapplauncher.so
    ├── native-messaging-host
    │   ├── chromium
    │   │   ├── bifehkofibaamoeaopjglfkddgkijdlh.json
    │   │   └── org.jabref.jabref.json
    │   └── firefox
    │       └── org.jabref.jabref.json
    └── runtime
        ├── bin  [19 entries exceeds filelimit, not opening dir]
        ├── conf
        │   ├── logging.properties
        │   ├── net.properties
        │   ├── sdp
        │   │   └── sdp.conf.template
        │   ├── security
        │   │   ├── java.policy
        │   │   ├── java.security
        │   │   └── policy
        │   │       ├── limited
        │   │       │   ├── default_local.policy
        │   │       │   ├── default_US_export.policy
        │   │       │   └── exempt_local.policy
        │   │       ├── README.txt
        │   │       └── unlimited
        │   │           ├── default_local.policy
        │   │           └── default_US_export.policy
        │   └── sound.properties
        ├── legal  [44 entries exceeds filelimit, not opening dir]
        ├── lib  [40 entries exceeds filelimit, not opening dir]
        └── release

17 directories, 21 files

[user@pc230]$ cat ~/.mozilla/native-messaging-hosts/org.jabref.jabref.json 
{
  "name": "org.jabref.jabref",
  "description": "JabRef",
  "path": "/opt/jabref-5.9/lib/jabrefHost.py",
  "type": "stdio",
  "allowed_extensions": [
    "browserextension@jabref.org",
    "@jabfox"
  ]
}

[user@pc230]$ cat ~/.config/google-chrome/NativeMessagingHosts/org.jabref.jabref.json 
{
  "name": "org.jabref.jabref",
  "description": "JabRef",
  "path": "/opt/jabref-5.9/lib/jabrefHost.py",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://bifehkofibaamoeaopjglfkddgkijdlh/",
    "chrome-extension://pgkajmkfgbehiomipedjhoddkejohfna/"
  ]
}

[user@pc230 ~]$ cat ~/.config/chromium/NativeMessagingHosts/org.jabref.jabref.json 
{
  "name": "org.jabref.jabref",
  "description": "JabRef",
  "path": "/opt/jabref-5.9/lib/jabrefHost.py",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://bifehkofibaamoeaopjglfkddgkijdlh/",
    "chrome-extension://pgkajmkfgbehiomipedjhoddkejohfna/"
  ]
}

[user@pc230 ~]$ cat ~/.mozilla/native-messaging-hosts/jabref_browser_extension.log 
[user@pc230 ~]$
2

Snap packages are sandboxed so that they run in a constrained environment, isolated from the rest of the system. They are designed that way. For them this is a feature, not a bug, as it’s supposed to be very secure. See here: A guide to snap permissions and interfaces | Ubuntu.

There are possibilities to grant special permissions to interact with these snaps via “slots”. I don’t know exactly how to do it and have not done this before, but I think, if you dig a little, you will find how to do it.

At least, if we assume, what you experience is caused by the sandboxing.

4

The browser uses native messaging to connect to JabRef, It’s a cross platform browser standard:

And on linux the jabrefHost.py script is the communication endpoint
https://github.com/JabRef/jabref/blob/main/buildres/linux/jabrefHost.py

The browser extensions’s code is here GitHub - JabRef/JabRef-Browser-Extension: Browser extension for JabRef to allow importing of new items directly from the browser.

7

You might want to check the docs about the manual configuration Browser Extension - JabRef