Summary
In codex-desktop-linux, the bundled OpenAI Browser plugin advertises support for file:// URLs, but Browser Use rejects file:// before origin allowlisting or user approval can happen.
I am not sure yet whether this is specific to the Linux wrapper/metadata path or an upstream OpenAI Browser plugin mismatch, but I wanted to report it here first because this install is using the Linux community desktop build.
Environment
- App:
ilysenko/codex-desktop-linux
- Codex Desktop shown in logs:
26.513.31313
- Browser plugin:
browser@openai-bundled 0.1.0-alpha2
- OS: Fedora Linux 44
- Browser backend: in-app browser (
iab)
- Installed app path includes:
/opt/codex-desktop
Observed behavior
Using the Browser plugin, localhost HTTP works correctly after approval/allowlisting:
However, navigating to a local file://... URL fails with:
Browser Use cannot visit the requested page because its URL is blocked by the Browser Use URL policy.
data: URLs are blocked the same way.
Expected behavior
Either:
file:// should work, because the Browser plugin description says it supports local file:// targets, or- the plugin manifest/docs should not advertise
file:// support.
Local evidence
The Browser plugin manifest/skill description says Browser can verify local targets including file://.
But the bundled browser-client.mjs appears to gate URLs with logic equivalent to:
var Z6 = new Set(["about:blank"])
function Qv(url) {
if (Z6.has(url)) return true
const parsed = new URL(url)
return parsed.protocol === "http:" || parsed.protocol === "https:"
}So file: and data: are rejected before any origin allowlist/user approval can apply.
I also observed an internal override key in the bundled client:
x-codex-browser-use-security-mode = disabled-for-local-testing
but normal Browser plugin request metadata did not include it in my session, and it does not appear user-configurable.
Workaround
Serving the same local files over localhost HTTP works:
python3 -m http.server 8766 --bind 127.0.0.1
Then Browser can use:
Question
Is this expected for the Linux desktop build, or is the Linux wrapper missing a metadata/security-mode path that upstream Codex Desktop uses for local file browsing? If this is purely upstream, I can also report it to openai/codex with a link back here.
Summary
In
codex-desktop-linux, the bundled OpenAI Browser plugin advertises support forfile://URLs, but Browser Use rejectsfile://before origin allowlisting or user approval can happen.I am not sure yet whether this is specific to the Linux wrapper/metadata path or an upstream OpenAI Browser plugin mismatch, but I wanted to report it here first because this install is using the Linux community desktop build.
Environment
ilysenko/codex-desktop-linux26.513.31313browser@openai-bundled0.1.0-alpha2iab)/opt/codex-desktopObserved behavior
Using the Browser plugin, localhost HTTP works correctly after approval/allowlisting:
However, navigating to a local
file://...URL fails with:data:URLs are blocked the same way.Expected behavior
Either:
file://should work, because the Browser plugin description says it supports localfile://targets, orfile://support.Local evidence
The Browser plugin manifest/skill description says Browser can verify local targets including
file://.But the bundled
browser-client.mjsappears to gate URLs with logic equivalent to:So
file:anddata:are rejected before any origin allowlist/user approval can apply.I also observed an internal override key in the bundled client:
but normal Browser plugin request metadata did not include it in my session, and it does not appear user-configurable.
Workaround
Serving the same local files over localhost HTTP works:
Then Browser can use:
Question
Is this expected for the Linux desktop build, or is the Linux wrapper missing a metadata/security-mode path that upstream Codex Desktop uses for local file browsing? If this is purely upstream, I can also report it to
openai/codexwith a link back here.