Trouble with Security Permissions and running CURL

samuelkordik · May 22, 2017, 12:55pm

Full script here: https://gist.github.com/samuelkordik/06cfc24bec357e9c413dda7933e3444e

I have a separate task that starts a new time entry in Toggl, and puts the Toggl ID in the task notes in OF. This script is supposed to complete the task in OF, end the time entry in Toggl, and update the estimated time with the actual time spent. It works fine when run from the AppleScript editor, but throws a permissions error when run inside Omnifocus. From what I can tell, the error specifically has to do with this line:
var output = JSON.parse(appC.doShellScript(“curl -v -u xxxx:api_token ‘https://www.toggl.com/api/v8/time_entries/current’”));

and it seems to run fine when the app used is the Script Editor but choke when the app used (current app) is Omnifocus.

What is weird is that my other script uses a very similar command (but written in AppleScript) and seems to be fine.

I’m using Javascript (JXA) because I can’t seem to parse JSON reliably in AppleScript to interact with the API. It’s frustrating how little it is documented.

Any ideas?

dave · May 22, 2017, 5:25pm

Does the script work if you save it as an Application from Script Editor and use it that way? It sounds like a sandbox violation on OmniFocus.

samuelkordik · May 25, 2017, 11:02am

So the script does work if it is not running inside the sandboxed environment in OmniFocus (i.e. running it from the script menu instead of the toolbar).

I rewrote it as an AppleScript script, using jq to process the JSON results, and it works fine. So apparently JXA triggers a sandbox violation, but AppleScript issuing the exact same commands does not.

dbyler · June 28, 2017, 11:02am

FWIW I ran into the same issue and used this workaround: Focus in New Tab …a hack but it works