Microsoft Edge Prompt This Site Is Trying To Open

Have you ever been using Microsoft Edge and tried to launch a Teams URL, or maybe a Citrix Receiver URL, and received the Microsoft Edge prompt This Site Is Trying To Open [protocol]?

In older versions of Edge you might see a checkbox enabling the user to select ‘Always Allow’ but in more recent versions of Edge, this checkbox doesn’t appear and the group policy has stopped working!

The protocol is the part of a URL that comes before the ://. For example, http is a protocol. So is ftp. Those protocols work fine out of the box, but more bespoke protocols such as the Citrix Receiver protocol (receiver://) do not, and require a level of trust.

It seems that nowadays the most secure way of making protocols open without a prompt is to use the policy to define a list of protocols that can launch an external application from listed origins without prompting the user. This policy takes a string of JSON (awkwardly on one line!) to specify URLs and protocols. As an example, to permit the Citrix Receiver protocol on www.alkanesolutions.co.uk we might add:

[ { "allowed_origins": [ "https://www.alkanesolutions.co.uk" ], "protocol": "receiver" } ]

Of course, when we’re writing these rules we might want to use some formatting first to make things more legible like so:

[
  {
    "allowed_origins": [
      "https://www.alkanesolutions.co.uk"
    ],
    "protocol": "receiver"
  }
]

We could add more URLs to permit the ‘receiver’ protocol like so:

[
  {
    "allowed_origins": [
      "https://www.alkanesolutions.co.uk",
      "https://www.another.co.uk"
    ],
    "protocol": "receiver"
  }
]

I’d advise writing your JSON rule and then validating it with a JSON validator. Once you’re happy with it, ‘minify’ it into one line with a JSON minifier so that you can paste it into the group policy.
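The validate-and-minify step can also be done locally, which keeps internal URLs out of third-party web tools. The script below is an added example, not part of the original post: the function name lint_policy, the host intranet.example and the specific checks are assumptions based on the rule format shown above.

```python
import json

def lint_policy(text):
    """Return (minified_value, problems) for the JSON policy value in `text`."""
    try:
        rules = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"error: invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(rules, list):
        return None, ["error: the value must be a JSON array of rule objects"]
    problems = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"error: rule {i} is not a JSON object")
            continue
        proto = rule.get("protocol")
        if not isinstance(proto, str) or not proto:
            problems.append(f"error: rule {i} needs a non-empty 'protocol' string")
        elif ":" in proto or "/" in proto:
            # The page writes 'receiver', not 'receiver://'.
            problems.append(f"error: rule {i} protocol {proto!r} should be the bare name")
        origins = rule.get("allowed_origins")
        if not isinstance(origins, list) or not origins:
            problems.append(f"error: rule {i} needs a non-empty 'allowed_origins' array")
            continue
        for origin in origins:
            if not isinstance(origin, str):
                problems.append(f"error: rule {i} origin {origin!r} is not a string")
                continue
            scheme, sep, rest = origin.partition("://")
            if origin.strip() == "*":
                # Assumption: a bare wildcard would match every origin.
                problems.append(f"warning: rule {i} lets any site launch the handler")
            elif sep and scheme.lower() == "http":
                # Plain HTTP gives no proof that the page came from that host.
                problems.append(f"warning: rule {i} trusts unauthenticated origin {origin}")
            if sep and ("/" in rest.rstrip("/") or "?" in rest):
                # Assumption: entries are origins (scheme and host), as on the page.
                problems.append(f"warning: rule {i} origin {origin} carries a path or query")
    return json.dumps(rules, separators=(",", ":")), problems

if __name__ == "__main__":
    # Constructed sample: the page's Citrix rule plus a deliberately sloppy second rule.
    sample = """[
      {"allowed_origins": ["https://www.alkanesolutions.co.uk"], "protocol": "receiver"},
      {"allowed_origins": ["http://intranet.example/print"], "protocol": "webclientprintiv://"}
    ]"""
    minified, problems = lint_policy(sample)
    print(minified, *problems, sep="\n")
```

Paste the first printed line into the policy only once the list of problems is empty, or once every remaining warning is one you have accepted on purpose.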

I resolved this issue recently when a web application tried to send a print job. The easiest way to work out the protocol is to open the Developer Tools in Edge, and view the Network tab. Then invoke the part of the website that causes the prompt. In the network tab look out for the last piece of activity (in red font) and find the protocol. In my example, the protocol was webclientprintiv (in the Network tab this looked like webclientprintiv://) and my rule looked like so:

{ "allowed_origins": [ "http://url-in-network-tab" ], "protocol": "webclientprintiv" }