Skip to main content
Solved

Understanding Security Restrictions: Drag and Drop Disabled When Aurena Agent is Enabled

A
Do Gooder (Employee)
Forum|alt.badge.img+5
  • asjaus
  • Do Gooder (Employee)
  • 6 replies

Hi everyone,

I’ve noticed that the drag and drop area is not enabled when the IFS Aurena Extension (Aurena Agent)  is installed and enabled for the environment the customer is working on. 

I understand that this is not a bug, but rather a feature. From what I gather, this is partly due to security restrictions in modern web browsers. Can anyone provide more details on these security restrictions? Specifically, why does drag and drop functionality conflict with the Aurena Agent?

I found some related information in this article, but I have a customer who is curious to hear more insights and experiences from the community. Are there any workarounds or best practices for users who rely on both features?

Thanks in advance for your expertise!

Best regards,
/ashley

Best answer by deshan.ekanayake

Hi @asjaus,

Thanks for posting in this forum.

The Aurena Agent consist of two main components: Aurena browser extension and Aurena Agent windows application. The extension facilitates communication between the browser and the Agent passing needed values fetching from the browser. The limitation is on the browser end where it doesn’t have the full file path information which the Agent needs to execute all greatly added functionalities.

This is not a security vulnerability in Aurena Agent or the extension. Modern web browsers have implemented security measures to protect users' privacy and data. One of these measures is the restriction on accessing the full file path from drag-and-drop(And also browser’s file picker) operations. Allowing web applications to access full file paths could expose sensitive information and pose security risks, in general sense from a browser’s perspective. Consequently, web browsers do not permit this functionality, ensuring that users' file systems remain secure and private given the below reasons from their end.

  • Privacy Protection: Allowing web applications to access full file paths could expose sensitive information about the user's file system and potentially reveal personal or confidential data.
  • Security Risks: Access to full file paths could be exploited by malicious websites or scripts to perform unauthorized actions, such as gaining insights into the user's directory structure or targeting specific files for attacks.
  • Sandboxing: Modern web browsers operate in a sandboxed environment, isolating web content from the local file system to prevent malicious access and ensure user safety.

You could also refer these documentation.

Mozilla docs: https://developer.mozilla.org/en-US/docs/Web/API/File/name

HTML specification: https://www.w3.org/TR/FileAPI/#dfn-name

Look/search for "path" in both places.

 

Considering the current limitations, it seems unfeasible to integrate Agent functionalities with the drag-and-drop feature at this time. A practical alternative could be to enable both features with differentiated functionalities: using drag-and-drop would follow the general workflow without Agent-added functionalities, while selecting files from the ‘Agent’s file picker’ would include those additional functionalities. We can consider this as a potential roadmap item for a future release.

  1. @Mathias Dahl @Mayura Wasantha @Jitharie @diwelk 

Thanks and best regards,

Deshan

View original
/ashley
Did this topic help you find an answer to your question?

6 replies

deshan.ekanayake
Do Gooder (Employee)
Forum|alt.badge.img+4

Hi @asjaus,

Thanks for posting in this forum.

The Aurena Agent consist of two main components: Aurena browser extension and Aurena Agent windows application. The extension facilitates communication between the browser and the Agent passing needed values fetching from the browser. The limitation is on the browser end where it doesn’t have the full file path information which the Agent needs to execute all greatly added functionalities.

This is not a security vulnerability in Aurena Agent or the extension. Modern web browsers have implemented security measures to protect users' privacy and data. One of these measures is the restriction on accessing the full file path from drag-and-drop(And also browser’s file picker) operations. Allowing web applications to access full file paths could expose sensitive information and pose security risks, in general sense from a browser’s perspective. Consequently, web browsers do not permit this functionality, ensuring that users' file systems remain secure and private given the below reasons from their end.

  • Privacy Protection: Allowing web applications to access full file paths could expose sensitive information about the user's file system and potentially reveal personal or confidential data.
  • Security Risks: Access to full file paths could be exploited by malicious websites or scripts to perform unauthorized actions, such as gaining insights into the user's directory structure or targeting specific files for attacks.
  • Sandboxing: Modern web browsers operate in a sandboxed environment, isolating web content from the local file system to prevent malicious access and ensure user safety.

You could also refer these documentation.

Mozilla docs: https://developer.mozilla.org/en-US/docs/Web/API/File/name

HTML specification: https://www.w3.org/TR/FileAPI/#dfn-name

Look/search for "path" in both places.

 

Considering the current limitations, it seems unfeasible to integrate Agent functionalities with the drag-and-drop feature at this time. A practical alternative could be to enable both features with differentiated functionalities: using drag-and-drop would follow the general workflow without Agent-added functionalities, while selecting files from the ‘Agent’s file picker’ would include those additional functionalities. We can consider this as a potential roadmap item for a future release.

  1. @Mathias Dahl @Mayura Wasantha @Jitharie @diwelk 

Thanks and best regards,

Deshan

/Deshan
Mayura Wasantha
Mathias Dahl
D
4 people like this
  • Mayura Wasantha
    Mayura Wasantha
  • Mathias Dahl
    Mathias Dahl
  • D
    diwelk
  • A
    asjaus
Mathias Dahl
Superhero (Employee)
Forum|alt.badge.img+32
  • Mathias Dahl
  • Superhero (Employee)
  • 2822 replies
  • July 9, 2024

After what Deshan wrote, I hope it's clear that we have a technical restriction on our hands, which makes it impossible to combine the use of the drag and drop feature with the Aurena Agent. 

With combine we mean use them together in the same check-in operation. This means that if drag and drop is used, we cannot execute a check-in macro or look for a view copy in the same folder. It's impossible. Period.

We can easily enable both though and if we do that we get a usability/UX problem on our hands. It is about how to communicate to the user that, if they select the file using drag and drop, they will lose features like check-in macros and view copy support.

We have several options:

1. We do nothing, and keep annoying and confusing some users

2. We provide options by which customers can control whether the two features are enabled or not and let them inform their users 

3. We try to design the UI to be as clear as possible on what happens and doesn't happen depending on if the user uses the drag and drop/Browse... area or not

4. Some combination of 2 and 3

We have a backlog item about looking into if and how we could enable both features at the same time while retaining a good UX where we don't confuse users. It's still not done though.

 

/Mathias
deshan.ekanayake
1 person likes this
  • deshan.ekanayake
    deshan.ekanayake
Irene Røn
Sidekick (Customer)
Forum|alt.badge.img+7
  • Irene Røn
  • Sidekick (Customer)
  • 34 replies
  • October 25, 2024

We experienced that this limitation in APP10 Aurena was introduced when installing Update24 (it was working in Update 20).

After some investigations we have found that setting the “Site access” parameter for the IFS Aurena Extension to “On click” will allow Aurena document attachment panel to show the “Drag and drop” panel. 

 

Mathias Dahl
Superhero (Employee)
Forum|alt.badge.img+32
  • Mathias Dahl
  • Superhero (Employee)
  • 2822 replies
  • October 25, 2024

@Irene Røn 

Hi,

> We experienced that this limitation in APP10 Aurena was introduced when installing Update24 (it was working in Update 20).

I think there is a misunderstanding, or at least I cannot remember adding any limitation between those updates. The "Aurena Agent vs Drag and drop conflict" is much older than that.

>  After some investigations we have found that setting the “Site access” parameter for the IFS Aurena Extension to “On click” will allow Aurena document attachment panel to show the “Drag and drop” panel. 

What you do there is just to force the user to click the IFS Aurena Extension every time the web browser loads IFS Aurena. Once it's enabled (after you have clicked) and if you reload the web page, the drag and drop area will be hidden. And, when the extension is not enable (if the user didn't enable it for that site by clicking), then you will not have features that require the Aurena Agent working (like running macros or automatically checking in view files).

It's good that you found this option, because it might make it a little bit easier for the user to control when they want the Aurena Agent to be used and not, but it does not allow them to use both the Aurena Agent and drag and drop at the same time. Sorry.

/Mathias
Irene Røn
Sidekick (Customer)
Forum|alt.badge.img+7
  • Irene Røn
  • Sidekick (Customer)
  • 34 replies
  • October 25, 2024

Well, we are in a situation now that the Update24 is not installed in PROD yet (wich have Update20), and in PROD environment the Drag and drop works together with Auena Agent. 

Understand the setting of “On click” wasn’t such a brilliant solution after all...

Mathias Dahl
Superhero (Employee)
Forum|alt.badge.img+32
  • Mathias Dahl
  • Superhero (Employee)
  • 2822 replies
  • October 25, 2024

@Irene Røn 

> Well, we are in a situation now that the Update24 is not installed in PROD yet (wich have Update20), and in PROD environment the Drag and drop works together with Auena Agent. 

They cannot work together. If it looks like that (the drag and drop area is visible) then it's because the Aurena Agent, or the Chrome extension really, is not currently enabled/active in your web browser tab.

And I'm pretty sure that the Update20 vs Update24 issue is based on a misunderstanding where you have tested in two different environments with the Aurena Agent active and not active, respectively.

> Understand the setting of “On click” wasn’t such a brilliant solution after all…

It's not a bad setting if you know how to work with it. That is, each time IFS loads, in order for the user to leverage the Aurena Agent, they need to click. As long as they don't click, the Aurena Agent is not active and the drag and drop area will be visible. The moment they do click though, and if they reload IFS, drag and drop be hidden.

 

/Mathias

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings