Hi!
On 01/06/2025 06.02, Ubadah Assaf via Tails-dev wrote:
> Files uploads not blocked from /home/amnesia/.local/share/Trash/ but /home/amnesia/.local/share/Trash/ is not available in browser .
>
> After showing hidden files viewable in GNOME files. I was able to upload a .png that I deleted that was in Trash to a website.
>
> Was curious so this was a test but I'm not quite sure why apparmor or whatever sandboxing isn't more fine tuned? Before I wasn't able to access my whole home folder nor the Persistent storage from the browser if I went to upload to a site?
This is intentional and safe. Since Tails 6.14.1 [0] Tor Browser
mediates that kind of filesystem access through XDG Desktop Portals [1].
Cheers!
[0]
https://tails.net/news/version_6.14.1/
[1]
https://flatpak.github.io/xdg-desktop-portal/
