Max -

Some background to help clarify matters and my responses to your points.

I have published two macOS apps on the Mac App Store which support Org Protocol 
in different ways:

- Captee (launched April 2023) which constructs an Org Protocol request from 
the macOS Share Menu.
- Scrim (launched April 2025) which is an Org Protocol proxy (scheme handler) 
for macOS.

They are both commercial offerings and open source with their repositories 
published on GitHub. 

Among the motivations for writing Scrim was that all the guidance for macOS 
users on WORG related to setting up a scheme handler for Org Protocol was 
obsolete. This is because of macOS security policy changes starting about 4 
years ago that prevent sandboxed macOS apps from calling emacsclient. This 
statement is corroborated by the Irreal post (https://irreal.org/blog/?p=12952) 
with the quote: "I’ve tried using Org Protocol before but could never get it to 
work."

Because WORG had obsolete guidance for macOS users, I wasted a lot of time. My 
efforts to amend WORG are to hopefully help other users avoid this.

> I do not have a macOS machine to test, so I am unaware how to configure 
> org-protocol for macOS

If you are able to procure one, I would be happy to provide guidance.

> Recently I noticed:
> Ihor Radchenko to emacs-orgmode. [BLOG] #17 [[bbb:OrgMeetup]] on Wed, Apr 9, 
> 19:00 UTC+3. Tue, 22 Apr 2025 16:27:56 +0000.
> https://list.orgmode.org/87ecxkb1pv.fsf@localhost
> kickingvegas showcased his new app he is developing
> to support Org capture and Org protocol on macOS
> - https://fosstodon.org/@kickingvegas@sfba.social/114314588128977624
>  https://github.com/kickingvegas/Captee
> - There is a need in special app because macOS now forbids arbitrary
>  apps from using URL protocols and a code signed app must be used
>  instead of emacsclient (which is not code signed and will likely
>  never be)

> Should this project be mentioned on the Worg page or is it in too early a 
> work-in-progress stage?

As mentioned above, both Scrim and Captee are published apps on Mac App Store. 
They are not WIP.

> In the proposed variant, details specific to macOS are scattered over several 
> sections. My impression that it causes repetitions. Have you considered 
> single section on macOS that discuss variants of Emacs package and suitable 
> URL scheme handlers for them? This is just a question, not a request to 
> update the document.

There are a lot of configuration steps to get Org Protocol to work:

1. Setting up Emacs Server.
2. Setting up the Org Protocol Scheme Handler.
3. Setting up Org Protocol Capture.
4. Setting up Org Protocol URL Request.
   - Usually JS
   - App-dependent behavior

Steps 1, 2, and 4 are platform-dependent (GNU/Linux, macOS, Windows), with 
steps 2 and 4 being especially so. It might perhaps be better to organize with 
respect to platform first, e.g.

- GNU/Linux, BSD
  1. Setting up Emacs Server.
  2. Setting up the Org Protocol Scheme Handler.
  3. Setting up Org Protocol Capture. (link to common section)
  4. Setting up Org Protocol URL Request.
     
- macOS
  1. Setting up Emacs Server.
  2. Setting up the Org Protocol Scheme Handler.
  3. Setting up Org Protocol Capture. (link to common section)
  4. Setting up Org Protocol URL Request.

- Windows
  1. Setting up Emacs Server.
  2. Setting up the Org Protocol Scheme Handler.
  3. Setting up Org Protocol Capture. (link to common section)  
  4. Setting up Org Protocol URL Request.


Arguably much of this should actually go into the official Org documentation.

The current WORG org-protocol.org file has a lot of old information that is 
obsolete or broken. Is it better to archive or just delete it? If the former 
then how should this be done?

  
> Is there some kind of authentication for TCP/IP sockets? Otherwise it can be 
> insecure. Is it assumed that macOS is effectively a single (human) user 
> system? Can web pages loaded into a browser connect to it? Some ports like 25 
> (SMTP) are banned in browsers. I am unsure in which stage is the proposal to 
> add low level TCP socket API to JavaScript or if HTTP "garbage" sent to Emacs 
> server can be dangerous.

TCP Emacs Server uses a shared secret file (default named "server") for 
authentication. 
https://www.gnu.org/software/emacs/manual/html_node/emacs/TCP-Emacs-server.html
This behavior has been in Emacs for a very long time and I do not think that 
the WORG pages in discussion here are the appropriate place to litigate its 
security.

That said, macOS security policy prevents the usage of local domain sockets as 
IPC between code-signed applications. However, TCP socket communication between 
separately code-signed apps is allowed. That is why a TCP server must be used to 
get Org Protocol to work on macOS.

As a side note, given that emacsclient has an --eval option, the merits of 
scrutinizing the security at the socket level are arguably moot. 
https://www.gnu.org/software/emacs/manual/html_node/emacs/emacsclient-Options.html


Thanks for the feedback - hopefully this reply clarifies my intent and the 
direction of my rewrite of the org-protocol.org page.


—
Charles Y. Choi, Ph.D.
kickingve...@gmail.com
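
Added example, not part of the original message or of Emacs, Scrim or Captee: a local audit of the TCP Emacs server's shared secret file discussed above. It assumes the layout Emacs writes (first line "address:port pid", second line the auth key) and the default path ~/.emacs.d/server/server; both are assumptions to verify against your own configuration.

```python
import ipaddress
import os
import stat


def parse_server_file(text):
    """Split the two-line server file into (host, port, pid, key)."""
    first, _, key = text.partition("\n")
    addr, _, pid = first.partition(" ")
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port), int(pid), key.strip()


def audit_server_file(path):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    st = os.stat(path)
    # The key is the only credential, so any other local account that can
    # read this file can authenticate to the server.
    if st.st_uid != os.getuid():
        findings.append("file is not owned by the current user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("file is accessible to group or others")
    with open(path, encoding="ascii", errors="replace") as fh:
        host, _port, _pid, key = parse_server_file(fh.read())
    # A non-loopback bind exposes the listener beyond the local machine.
    try:
        if not ipaddress.ip_address(host).is_loopback:
            findings.append(f"server listens on non-loopback address {host}")
    except ValueError:
        findings.append(f"server host {host!r} is a name, not a loopback IP")
    # Expected key shape: 64 printable ASCII characters, no spaces.
    if len(key) != 64 or not all(33 <= ord(c) <= 126 for c in key):
        findings.append("auth key is not 64 printable non-space ASCII characters")
    return findings


if __name__ == "__main__":
    # Assumed default location; server-auth-dir and server-name can change it.
    default = os.path.expanduser("~/.emacs.d/server/server")
    for finding in audit_server_file(default):
        print("WARNING:", finding)
```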

