[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908730: kmail: Query string stripped from hyperlinks in kmail



Dne pátek 14. září 2018 9:25:41 CEST jste napsal(a):
> Vladislav Kurz wrote:
> > Since upgrading to debian 9, I have a problem with emails form our
> > helpdesk system. Links have query string with ticket id, or even action to
> > do (take, resolve,...), but the query string is ignored. It seems that
> > kmail is stripping it, perhaps as some sort of security feature. It would
> > be nice to have them back, at least for whitelisted websites. I was not
> > able to find any setting that would allow that.
> 
> I don't think it's kmail that is stripping this (it works just fine for me
> in stretch), but rather a setting for how to determine in what application
> the URL should be opened.
> 
> What do you have in
> 
> K → System settings → Applications → Default Applications → Web Browser
> 
> I suspect that you have that set to "in an application based on the contents
> of the URL". That setting has kmail (or rather underlying libraries) fetch
> the resource (or at least the HEAD) and then picks your browser for HTML,
> okular for a PDF, gwenview for a JPG etc.

Yes it was set as above.

> The sequence is (roughly):
> 
> * kmail asks www server for resource or metadata about the resource (I
> assume it's a HEAD request, I've not checked)
> 
> * in doing this look-up, various http redirects are followed
> 
> * when kmail's libraries look at your helpdesk URL you are not authenticated
> (even though you might be in your browser)
> 
> * the helpdesk server helpfully redirects you to a login form
> 
> * the login form is HTML
> 
> * HTML is for a www browser so your browser is opened pointing to the
> current URL which is a login form
> 
> (I can replicate what you see with password protected resources where no
> query string is involved, just a redirect to a login form)

After I submitted the bug report I have noticed that the query string was not 
stripped for bugs.debian.org (which does not need any login)
 
> Changing the aforementioned setting to "in the following browser" may be
> sufficient.

Yes, it has fixed the problem.
Thank you very much for this hint.

However I think that, even if it is not a bug in kmail, it should be made 
clear to users, that the default setting will cause problems on sites that 
need authentication. Or that when the browser is opened, it shall go to the 
link I have clicked and not on any redirects that kmail has found out by 
himself. I'm not sure how other apps behave in such case, if the behavior is 
specific to kmail, or provided by some common KDE library routine. In that case 
this bug should be reassigned appropriately.

Cheers
Vladki


Reply to: