Bug#908730: kmail: Query string stripped from hyperlinks in kmail

To: Stuart Prescott <stuart@debian.org>
Cc: 908730@bugs.debian.org
Subject: Bug#908730: kmail: Query string stripped from hyperlinks in kmail
From: Vladislav Kurz <vladislav.kurz@webstep.net>
Date: Thu, 20 Sep 2018 10:03:04 +0200
Message-id: <[🔎] 3334491.v4RJCXuTv6@hex>
Reply-to: Vladislav Kurz <vladislav.kurz@webstep.net>, 908730@bugs.debian.org
In-reply-to: <[🔎] 5b9af1f9.1c69fb81.1719c.6785@mx.google.com>
References: <153682703594.7456.16943875913400257441.reportbug__1302.18963972784$1536827120$gmane$org@hex.webstep.net> <[🔎] 5b9af1f9.1c69fb81.1719c.6785@mx.google.com> <[🔎] 153682703594.7456.16943875913400257441.reportbug@hex.webstep.net>

Dne pátek 14. září 2018 9:25:41 CEST jste napsal(a):
> Vladislav Kurz wrote:
> > Since upgrading to debian 9, I have a problem with emails form our
> > helpdesk system. Links have query string with ticket id, or even action to
> > do (take, resolve,...), but the query string is ignored. It seems that
> > kmail is stripping it, perhaps as some sort of security feature. It would
> > be nice to have them back, at least for whitelisted websites. I was not
> > able to find any setting that would allow that.
> 
> I don't think it's kmail that is stripping this (it works just fine for me
> in stretch), but rather a setting for how to determine in what application
> the URL should be opened.
> 
> What do you have in
> 
> K → System settings → Applications → Default Applications → Web Browser
> 
> I suspect that you have that set to "in an application based on the contents
> of the URL". That setting has kmail (or rather underlying libraries) fetch
> the resource (or at least the HEAD) and then picks your browser for HTML,
> okular for a PDF, gwenview for a JPG etc.

Yes it was set as above.

> The sequence is (roughly):
> 
> * kmail asks www server for resource or metadata about the resource (I
> assume it's a HEAD request, I've not checked)
> 
> * in doing this look-up, various http redirects are followed
> 
> * when kmail's libraries look at your helpdesk URL you are not authenticated
> (even though you might be in your browser)
> 
> * the helpdesk server helpfully redirects you to a login form
> 
> * the login form is HTML
> 
> * HTML is for a www browser so your browser is opened pointing to the
> current URL which is a login form
> 
> (I can replicate what you see with password protected resources where no
> query string is involved, just a redirect to a login form)

After I submitted the bug report I have noticed that the query string was not 
stripped for bugs.debian.org (which does not need any login)
 
> Changing the aforementioned setting to "in the following browser" may be
> sufficient.

Yes, it has fixed the problem.
Thank you very much for this hint.

However I think that, even if it is not a bug in kmail, it should be made 
clear to users, that the default setting will cause problems on sites that 
need authentication. Or that when the browser is opened, it shall go to the 
link I have clicked and not on any redirects that kmail has found out by 
himself. I'm not sure how other apps behave in such case, if the behavior is 
specific to kmail, or provided by some common KDE library routine. In that case 
this bug should be reassigned appropriately.

Cheers
Vladki

Reply to:

References:
- Bug#908730: kmail: Query string stripped from hyperlinks in kmail
  - From: Stuart Prescott <stuart@debian.org>
- Bug#908730: kmail: Query string stripped from hyperlinks in kmail
  - From: Vladislav Kurz <vladki@karneval.cz>

Prev by Date: libkgapi_18.07.90-2_amd64.changes ACCEPTED into experimental, experimental
Next by Date: Bug#909246: [powerdevil] powerdevil closed unexpectedly when resuming from suspend
Previous by thread: Bug#908730: kmail: Query string stripped from hyperlinks in kmail
Next by thread: [bts-link] source package src:okular
Index(es):
- Date
- Thread