Bug 354822

Summary: Opening link in mail directs user to received location header instead of link
Product: [Applications] kmail2 Reporter: Martin van Es <bugs>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: major Keywords: triaged
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Martin van Es 2015-11-04 08:41:42 UTC 
Chrome is my default browser. I've noticed a couple of times that clicking links in kmail sent me to some sort of "you need to be logged in" page instead of the content I was looking for. Copying the link and pasting it in Chrome always brings me to the right location.

After some debugging, it turns out that since 5.0.2 (15.08.2-0ubuntu1 and/or the update to Kubuntu Wily) kmail for shows a notification of the click action. After some event tracking in Chrome I found that the link that kmail (or notifier?) sent to Chrome was actually the location header of the first request. This results in lost sessions which can be shown with the following example:

I have a mail with a link that looks like this:
https://xxxx.xxx.xx/seminar_i_want_to_visit/access.html?sac=CA2A50DD905F&ck=personalpage

When accessed directly in Chrome, this page answers with a status 302 (found) and a location header containing:
https://xxxx.xxx.xx/seminar_i_want_to_visit/personalpage.html?sid=e4ed2a3a-e8b5-466e-97c5-5c4efbd07390

Which in turn shows me my personal page for this seminar.

When clicked in kmail however, the FIRST request that Chrome receives is:
https://xxxx.xxx.xx/seminar_i_want_to_visit/personalpage.html?sid=e4ed2a3a-e8b5-466e-97c5-5c4efbd07390

Which sends me to a login page, because there is no session for sid e4ed2a3a-e8b5-466e-97c5-5c4efbd07390 yet.

Clicking the link a second time in kmail (after having opened the page using copy/paste before) brings me to the correct page, since there now is a valid session on sid e4ed2a3a-e8b5-466e-97c5-5c4efbd07390.


Reproducible: Always

Steps to Reproduce:
1. Receive mail with personal link that forces a location header containing session information
2. Click link in kmail
3. Watch page

Actual Results:  
Genereic page without session telling me to login

Expected Results:  
Personal page
Comment 1 Martin van Es 2015-11-04 11:07:10 UTC 
It seems the same for links received in Skype, which also trigger a notification now. Maybe not a kmail bug but a link notifier bug? Can someone point me in the right direction to file this bug?
Comment 2 Martin van Es 2015-11-04 13:19:37 UTC 
Found the problem. It's the "in application based on the contents of the URL" setting in Default Applications settings for Web Browser. Setting it "hard" to Chrome solves the problem.

It turns out the inspecting launcher does a bad job opening the re-location header instead of the original link.
Comment 3 Denis Kurz 2017-06-23 20:17:56 UTC 
This bug has never been confirmed for a Kontact version that is based on KDE Frameworks, except possibly a Technology Preview version 5.0.x. Those versions differ significantly from the old 4.x series. Therefore, I plan to close it in around two or three months. In the meantime, it is set to WAITINGFORINFO to give reporters the opportunity to check if it is still valid. As soon as someone confirms it for a recent version (at least 5.1, ideally even more recent), I'll gladly reopen it.

Please understand that we lack the manpower to triage bugs reported for versions almost two years beyond their end of life.
Comment 4 Martin van Es 2017-10-31 15:29:25 UTC 
Still bug is still present in plasma 5.11.2
Comment 5 Andrew Crouthamel 2018-09-28 02:36:45 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 6 Martin van Es 2018-09-28 06:30:17 UTC 
All info needed is in original report and comment 2.
I realise it's difficult, reviewer should take some time to carefully read up and grok the problem. It involves difficult HTTP protocol terms.
Comment 7 Justin Zobel 2022-12-01 04:34:52 UTC 
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 8 Martin van Es 2022-12-01 07:52:00 UTC 
There seems to be no "based on the contents of the URL" setting in "Default Application" anymore, so the bug resolved itself by removing the flawed option. Thx!