window.showDirectoryPicker opens up a whole new world

Posted by steveharrison 1 day ago

window.showDirectoryPicker opens up a whole new world(steveharrison.dev)

112 points | 107 comments

streptomycin 1 day ago|

This isn't new, the API has been around for several years. Unfortunately Mozilla and Apple say they are never going to implement it because of security concerns https://github.com/mozilla/standards-positions/issues/154

It is a great API though, I wish the other browser vendors liked it! Because currently us PWA developers are really limited when trying to make apps that work with local data, at least in non-Chrome browsers.

codedokode 1 day ago||

Firefox position is completely valid. I think a safe option would be to allow access only to a specific directory like "~/Internet files" or something like this. This way the user could grant the access but not to sensitive files. And add an option in about:config to lift the restriction for power users.

Also, there is a risk of a site writing malware executable, and Linux currently has no sandboxing for such executables so the system would be completely owned once the user runs the program. So the directory should not allow storing executables.

shortercode 1 day ago|||

Both sides are valid. Is it a security risk? In the right conditions yes. But on the other side of it there’s user consent, limited per domain access, and the capability to do multi file editor style apps.

I think the WebKit take on this is good and a better fit for most apps. They instead implemented Origin Private File System. Which is based on the same API bits but the folder is only accessible by the website. The downside is the user loses some control over the files:

- can’t see what’s being stored

- can’t easily backup those files

- has to use that web app to access the files

- usual nonsense about important files being classed as “cookies” or some nonsense by cache cleaning tools, leading to users deleting their data without realising it

xg15 11 hours ago|||

As I understood it, the two APIs have different purposes, so I don't think you can really compare them.

Origin Private File System is for files that the app manages internally and that normally, the user should never touch - like stuff in /var or AppData for native applications. Hence why browsers make no guarantees where on disk they will store those files or even if they'll store them as files at all.

But I think that's not really very interesting, because it's not offering anything new you couldn't already do with localStorage or indexedDB, just with a file-like API. Hence why browsers also put it in the same "ephemeral local data" bucket as those APIs.

The directory picker API would offer a new ability, namely to "open a directory" in user-managed space and work with it like an IDE would. But I can see why the security risks are too large for that.

codedokode 1 day ago|||

> The downside is the user loses some control over the files:

Why not use some human-readable path like ~/Internet/example.com/ ? In this case the user could see the files.

shortercode 16 hours ago||

Mmm so there’s 2 trade offs as far as I can see if you used a folder which both the user and app can access.

Firstly if an app does want a space that’s filesystem shape but does not want users/apps to have access for security or consistency reasons ( think Spotify offline storage of songs ).

Secondly if the user has access they can do the “easy” thing and just throw lots of files in, including things which are sensitive anyway.

It’s interesting to look at how Android and iOS have handled filesystem sandboxing in relation to this.

codedokode 10 hours ago||

> Firstly if an app does want a space that’s filesystem shape but does not want users/apps to have access for security or consistency reasons ( think Spotify offline storage of songs ).

Then they should not store anything on user's device.

> Secondly if the user has access they can do the “easy” thing and just throw lots of files in, including things which are sensitive anyway.

OS could add a warning when copying the files into the folder.

> It’s interesting to look at how Android and iOS have handled filesystem sandboxing in relation to this.

Many apps on Android request "media access" which allows accessing all user files.

benregenspan 1 day ago|||

I'd love for Google to figure out something comparable for the Drive API (currently it's not possible to grant read/write access to a single folder; you need to grant access to the entire drive!): https://issuetracker.google.com/issues/36760598?pli=1

I think the fact that the above issue has been open for a very long time is one indication of how difficult and sensitive this type of access control API is. The Google Drive API could be a proving ground for getting the UX right for this (including tricky details like how to manage persistent access to a folder with clear disclosure and user controls).

ethbr1 1 day ago||

Is it really that complicated?

Why not just create per-domain browser-controlled folders (cert-linked?) that are abstracted into a simple read/write API via the browser (with subfolders allowed under that domain's root), disallow cross-domain access... and then build browser-mediated linking for use cases where you want to flow files from (non-domain) to (domain) to (non-domain)?

So essentially local storage with better integration with the actual filesystem, that's browser-controlled.

Allowing websites to have arbitrary (even user-approved) access directly to the real filesystem seems like a bad idea, when most use cases could be handled by a browser-mediated filesystem-like abstract view.

xg15 11 hours ago||

> Why not just create per-domain browser-controlled folders (cert-linked?) that are abstracted into a simple read/write API via the browser (with subfolders allowed under that domain's root), disallow cross-domain access

This part already exists, that's the "Origin-private file system".

> ...and then build browser-mediated linking for use cases where you want to flow files from (non-domain) to (domain) to (non-domain)?

That's pretty much what the directory picker is - or would have been. Apparently it doesn't satisfy the security worries of some.

sharperguy 1 day ago|||

You could implement it this way:

- the first time you select a directory it must be empty

- you can drag files in there afterwards

- the directory gets whitelisted for future use

Probably has bad usability, but would be more secure.

NooneAtAll3 1 day ago|||

fortunately*

Theodores 1 day ago||

Ah, but it is new to Claude. Claude has main character vibes, so it is always about Claude. Isn't he clever?

Claude can stay in his own lane, I want to know how I can use this during development to simulate uploading photos, so Chrome only is okay for my purposes. But I want to know how to do it, not how much better Claude is than me, forever able to do anything I can do but better.

KetoManx64 5 hours ago||

> But I want to know how to do it, not how much better Claude is than me, forever able to do anything I can do but better.

So tell the clanker to explain to you in detail about how the system works? It's a piece of code that does what you tell it to, treat it as so.

nasso_dev 1 day ago||

it's a bit of a shame that TFA does not mention that this is a non-standard API pushed by google only (all three editors of the draft are google engineers)

both Mozilla[1] and Apple[2] are opposed to it

encouraging people to build apps that only work in google web browsers actively harms the web and sends a signal to google that they can in fact keep doing this

[1] https://mozilla.github.io/standards-positions/#native-file-s...

[2] https://webkit.org/standards-positions/#position-28

sarreph 1 day ago||

I think something that is a mix between localStorage or IndexedDB and access to the user's filesystem would be better.

I agree with the comments about how much of a security risk this poses. But, isn't that the case with any binary or executable files and apps we download from the internet anyway?

It would be cool if you could have a specially-demarcated directory (e.g. even inside the application like `~/Applications/Chrome/<website>/local_files`) which you can just open super easily with a button from Chrome, and just copy files over into that directory as needed. Would provide the benefits of a more secure enclave with the flexibility of being on the filesystem.

streptomycin 1 day ago|

That is similar to https://developer.mozilla.org/en-US/docs/Web/API/File_System... except AFAIK that does not allow any way to access it as a normal directory outside the browser.

explodes 1 day ago||

First time I've heard about this. I'll have to look into the security model around it. I'm curious what safeguards are in place to prevent click jacking. I know showing a file picker """should""" be enough of a warning to users to be careful, but it's not hard to imagine a world where a couple of fish accidentally bite the bait of an allow-button, or because they followed instructions they incorrectly trusted.

explodes 1 day ago||

Looks like these safeguards are in place:

* System and root directories cannot be selected. * Can only being activated after user action. * Requires https. * Double-confirmation for write access.

No API like this could ever be bulletproof, but it's a start I guess.

Very cool API though, and it really does open up a whole new world of possibilities.

ptx 1 day ago|||

Those are some pretty flimsy safeguards. I don't keep my secrets in system directories and using HTTPS doesn't mean the site isn't malicious.

Ajedi32 1 day ago||

> I don't keep my secrets in system directories

Root of the home directory is also excluded.

But obviously yeah, nothing's going to prevent you from giving a website access to your .ssh directory if you explicitly select it.

Personally I don't have a problem with that. The ability to upload files has been a thing on the web for forever and I don't think there's ever been anything that stopped users from uploading their private key. Possibly some users have gotten phished that way, but at a certain point you have to accept responsibility for your own actions, otherwise you start ceding control of your life to a corporate nanny state.

mschuster91 1 day ago|||

> System and root directories cannot be selected.

That desperately needs something like the Public Suffix List [1] - a community-managed list where authors of software can blacklist directories containing sensitive files or such files directly for all browsers implementing this feature.

If I were to design such a list, it would include ~/.ssh, ~/.aws, ~/.config, ~/Library, ~/.{ba,z}sh{rc,_profile,_history}, ~/.m2, ~/.npm, ~/.npmrc, ~/.profile at the very least. Because users will get phished.

[1] https://en.wikipedia.org/wiki/Public_Suffix_List

inigyou 1 day ago|||

This is still a security nightmare! You won't get every folder, or even enough folders.

codedokode 1 day ago|||

Black listing is never secure. White listing is. Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.

Diti 1 day ago|||

If you see a directory for pictures, it means XDG directories are available in your system. Then you can change their location at will, and place them as deep in your user directory as you like. Like in `~/opt/art/visual/picture`.

My Nix Home Manager settings for XDG directories:

    xdg.userDirs = {
      enable = true;
      createDirectories = true;
      desktop = "${config.home.homeDirectory}/var/desktop";
      documents = "${config.home.homeDirectory}/opt/docs";
      download = "${config.home.homeDirectory}/var/download";
      music = "${config.home.homeDirectory}/opt/art/music";
      pictures = "${config.home.homeDirectory}/opt/art/visual/picture";
      publicShare = "${config.home.homeDirectory}/var/public";
      videos = "${config.home.homeDirectory}/opt/art/visual/video";
      templates = "${config.home.homeDirectory}/opt/templates";
    };

yjftsjthsd-h 1 day ago|||

> Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.

~/Pictures and ~/.ssh are as far apart as they can be while staying in the user's home directory. I guess you could stick stuff in... /var or something, but that seems worse overall.

cicko 1 day ago||

This is something you should explain to the Firefox critics.

asdfsa32 1 day ago||

Chrome and friends (Edge, Opera) are basically the new IE6 and only people who are new or forgetful will disagree. I hate Mozilla for missing up so bad with their stewardship of Firefox time and again, but alas, it is the only reasonable option on the table.

And while I do hate Mozilla, Google is to be disliked even more.

recursive 1 day ago||

IE6 stagnated after MS won the browser wars. It didn't get an update for like 6 years. Chrome has become a monoculture too but I think it's one of another kind.

asdfsa32 13 hours ago||

IE6 stagnated because that was ideal for Microsoft who was mainly in the business of desktop; Chrome is now eroding user privacy and becoming a rubbish OS because that is ideal for a Google's Ad revenue and web based business. It is the same.

ptx 1 day ago||

So websites can now nag users to allow access to the root of their local disk and then read all their files and settings, all their SSH keys and other passwords?

From what I gather from the docs [1], this API gives you a FileSystemDirectoryHandle object, and then you just call getDirectoryHandle() on that to recursively read the the entire filesystem. The spec [2] has some vague suggestions about blacklisting certain particularly sensitive files, which doesn't seem reassuring.

[1] https://developer.chrome.com/docs/capabilities/web-apis/file...

[2] https://wicg.github.io/file-system-access/#privacy-wide-acce...

jaffathecake 1 day ago||

> So websites can now nag users to allow access to the root of their local disk

No, Chrome doesn't allow this.

Here's a simple demo: https://output.jsbin.com/kekekac/quiet - note that you can't select root, Downloads etc.

croes 1 day ago||||

In this example

https://web.dev/patterns/files/open-a-directory

I can select Downloads

codedokode 1 day ago||

I could select /boot and ~/.cache. Genius. Given how smart are many Internet users this will definitely not cause any misuse.

ThatMedicIsASpy 1 day ago||

After seeing a recaptcha with a QR code. Suddenly those fake recaptchas with a run dialog don't seem too far fetched.

move-on-by 1 day ago|||

Ah yes, totally secure. I’m sure there will be no unforeseen problems or bypasses.

streptomycin 1 day ago||

It's been in Chrome for 6 years and I'm not aware of any problems it's caused.

fg137 1 day ago|||

I'd argue this is because it's rarely used.

croes 1 day ago|||

Yet. It’s not hard to imagine a case where it is a bad idea to give the browser access to the whole content of a directory.

There is a reason why it’s Chromium browsers only, don’t you think?

streptomycin 1 day ago|||

So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

danaris 1 day ago||

> Do I have to tell users to download and run some executable?

Well, yes.

The alternative is to give any malicious ad the ability to drive-by-download malware onto your machine.

streptomycin 1 day ago|||

Well there is a permission dialog and you need to select the directory to grant access and common sensitive directories are blacklisted.

A malicious ad would probably have an easier time tricking you into downloading and running an executable, which is something that has actually happened many times IRL. Worry about that before worrying about theoretical exploits that nobody has actually exploited in an API shipped in the world's most popular web browser for the past 6 years.

croes 14 hours ago||

Did you try this?

https://web.dev/patterns/files/open-a-directory

At least it got the number of files in the selected directory including Program Files and Windows\System32

I didn't click upload, so ...

rcxdude 1 day ago||||

That isn't how any of these things work, though. This kind of thing needs a permission to be granted by the user and it does not extend to third-party ads appearing on the site that it is granted to (banner ads have, for a long time, been sandboxed in iframes in the browser to prevent such exploits). I wish native applications had this level of isolation from each other.

modeless 1 day ago|||

Did you miss that this has been shipped in Chrome for 6 years? How many drive-by-download viruses has your machine gotten since then? Zero for me...

danaris 1 day ago||

Mine?

None.

Because I don't use Chrome.

It's spyware.

rcxdude 1 day ago||||

Just because a problem is not hard to imagine it doesn't mean that the problem is actually a problem in practice. It is worth asking if there are any signs of it existing for real.

croes 1 day ago||

I hear a lot of this "nothing has happened so far" from people who DUI before their first crash and people who use the same password on multiple sites before their first credential stuffing hack

rcxdude 1 day ago||

to use your analogy you're claiming that half the population has been driving drunk for years and yet you aren't pointing to an increased rate of collisions on the road. This is not the same thing as an individual doing a dumb thing and getting away with it for a while.

croes 14 hours ago||

Could it simply be because many use their smartphone to browse the web and of those many have an Apple device and Safari based browsers don't support that API?

It's like the eraly claims that MacOS has no viruses. No the bad guys jsut didn't care enough because the ROI wasn't big enough

leptons 1 day ago|||

Apple will never implement anything in a browser that could make a web app as capable as a native mobile app, they are simply too greedy. Firefox typically doesn't implement these things unless they have to because they don't have the resources that Google and Apple do.

Ajedi32 1 day ago|||

Root directory would be on that blacklist for sure.

Those "vague suggestions" actually seem to include some pretty specific examples.

> A user’s entire "home" directory. Individual files and directories inside the home directory should still be allowed, but user agents should not generally let users give blanket access to the entire directory.

EnergyAmy 1 day ago||

That's not at all specific. What individual files and directories?

Ajedi32 1 day ago||

All of them, unless they're also on the list of examples to exclude (like the Downloads folder).

I think the point is that as long as the user is sharing things on purpose and not by accident, it should be allowed. Selecting the root of the home directory would probably share a lot of things the user didn't really intend to share (because a lot of apps just dump random config files and stuff in there), but if they specifically select a subfolder they probably have a good idea of what that folder contains.

superjan 1 day ago|||

Is the camera roll excluded? I bet I am not the only one who has a passport picture in there. I don’t know about other people’s camera rolls, but I bet it is occasionally more saucy than mine.

(Sorry for not testing. Chrome-hater)

cnr 1 day ago||

Let's not forget that, at the same time, Google forces every developer of any Android app to register in the Google database using an ID scan, otherwise no one can install it.

All for the sake of "dear user safety".

jaen 1 day ago||

Unfortunately currently only supported by Chrome/Chromium:

https://developer.mozilla.org/en-US/docs/Web/API/Window/show...

AlienRobot 1 day ago||

Chromium has around the same market share as Windows, so at this point I feel people are targeting it as a web application development platform just as people target Windows.

inigyou 1 day ago||

(intentionally, because it's a massive security risk and only Google doesn't care about endpoint security)

danhardman 1 day ago||

A few people have suggested adding a blacklist for dangerous directories or validating directories are empty first.

Why not just make the API create a new directory rather than selecting one? There's still a risk people create a directory in a shared location - but at least they're only risking the new directory then, right?

Ajedi32 1 day ago|

I think the intended use case is for things like "give my music player access to my music library" or "open a project directory in this IDE", which wouldn't work well if every app were confined to its own directory.

danhardman 1 day ago||

I guess, but it seems pretty typical to expect to install a new software or start a new project and require some form of loading/importing content in. It wouldn't exactly destroy the experience or at least the trade-off seems worth it imo

no_way 1 day ago||

I am using this api for music player[0] in the browser. Biggest share of my users are using Chromebooks, where besides Android apps are not much alternatives. If this API was not available closest thing would be to make an Electron app, which has much more broad system access to users device than a website using showDirectoryPicker.

Regarding security I think Chrome got right balance on this: you always need to select folder, sensitive ones are excluded, on repeat visits if you try to access a file, it asks you permission again, you can't get full filename paths and so on.

[0] https://github.com/minht11/local-music-pwa

insin 16 hours ago||

I'm using this API in the internal [1] model-independent LLM chat app I work on at an F100, and it ruined using the Claude and ChatGPT web interfaces for me outside of work [2] because I'm used to being able to point the model at a folder so it can be directed to find and pull in relevant context itself, being able to add folder mid-chat and saying "you do it", and being able to have the model run code to work with local files of any size your browser can handle (every time we released a new version people would drag in their huge Excel files and go "still doesn't work" as we used to extract and context stuff the contents, but now it can poke around in them directly to find sheets/headers/structure and write code to do whatever they wanted).

Claude Opus on its own with filesystem tools built around the FileSystemDirectoryHandle API [3] makes for a pretty decent coding agent - I've been using the app to write itself live on its own development server ever since it got the ability to edit its own files, which is some of the most fun development I've done recently. I think writing your own harness is probably the most fun thing you can do with an LLM, which is why so many people do it - getting the model to add and then start using a new tool you had an idea for in the same chat is always fun.

[1] which seems like the best scenario for it in terms of the security/privacy issues it poses

[2] I ended up creating an MCP server rooted to a specific local directory - which I can expose to them via Cloudflare Tunnel - and a browser extension which adds a folder picker button to their chat interfaces, so I can get an almost-equivalent experience. This is really ugly in ChatGPT but works as well as I'm used to in Claude.

[3] as a bonus, the tools you write against this API will also be compatible with the Origin private file system (OPFS) API if you want to give your chats a virtual filesystem for the model to write to, or to copy user-attached files into

steveharrison 1 day ago|

I'm really excited about window.showDirectoryPicker and the local-first web apps it will enable. There's lots of talk about local-first sync engines, but the best sync engine is one you don't even manage, like the user's file system / cloud storage service!

Ajedi32 1 day ago||

Yes, I think this modern trend towards storing user data in app/website-specific databases instead of in files has been bad for consumer freedom. Files are naturally portable and provide a interface for inter-operating with competing software in a way that data stored in the cloud or an app-specific database does not.

APIs that encourage websites to store user data in files are a positive thing.

zb3 1 day ago||

[flagged]

reddalo 1 day ago||

Firefox may not be the best browser, but it's the last full-featured non-commercial independent browser still available (excluding forks like Waterfox).

If we want a free and open internet, we need to protect Firefox at all costs.

coldpie 1 day ago|||

Please don't give trolls attention. Just downvote & move on.

gchamonlive 1 day ago||

But it's fun

zb3 1 day ago|||

> non-commercial

They inject various unwanted integrations (like pocket in the past).

> independent

Independent from who, Google? Well, no, not even independent from Google, that's the truth.

More comments...