[Bug 1167985] New: konqueror/kcookiejar cookie settings not handled correctly
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 Bug ID: 1167985 Summary: konqueror/kcookiejar cookie settings not handled correctly Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Applications Assignee: opensuse-kde-bugs@opensuse.org Reporter: d_werner@gmx.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- With Leap 15.2 Beta a bug similar to bug 1049975 is back. Setting the cookie settings to "accept for session" in the settings menu of konqueror results in the setting CookieGlobalAdvice=Accept For Session in ~/.config/kcookiejarrc. Restarting konqueror and checking the settings menu the configuration looks correct, it still shows "accept for session". But as soon as a webpage is opened, e.g. https://panopticlick.eff.org/, a dialog pops up and asks how to handle cookies of the domain. After accepting cookies of this domain for the session the Cookie Policy in the ~/.config/kcookiejarrc looks like this: [Cookie Policy] AcceptSessionCookies=true CookieDomainAdvice=.eff.org:AcceptForSession CookieGlobalAdvice=Dunno Cookies=true RejectCrossDomainCookies=true The global setting is destroyed. The dialog pops up for each domain asking how to handle the cookies. rpm -q kio kio-5.68.0-lp152.1.1.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c1 --- Comment #1 from Dirk Weber <d_werner@gmx.net> --- Sorry, this is wrong in the description: 'Restarting konqueror and checking the settings menu the configuration looks correct, it still shows "accept for session".' Actually, after restarting konqueror when the ~/.config/kcookiejarrc contains CookieGlobalAdvice=Accept For Session the settings in cookie settings in konqueror show "ask for confirmation" The same workaround from bug 1049975 is still working: change ~/.config/kcookiejarrc to contain CookieGlobalAdvice=AcceptForSession and make it readonly. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c2 Wolfgang Bauer <wbauer@tmo.at> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wbauer@tmo.at --- Comment #2 from Wolfgang Bauer <wbauer@tmo.at> --- (In reply to Dirk Weber from comment #0) With Leap 15.2 Beta a bug similar to bug 1049975 is back. That's likely an upstream regression then I suppose. I don't see a change to the code that was fixed back then though... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c3 --- Comment #3 from Wolfgang Bauer <wbauer@tmo.at> --- It seems to work fine here though. (Leap 15.1 with the latest KDE and Qt packages from additional repos) Are you sure the config file was writable? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c4 --- Comment #4 from Wolfgang Bauer <wbauer@tmo.at> --- (In reply to Wolfgang Bauer from comment #3)
It seems to work fine here though. Ah, wait. The setting is stored in the config file, but konqueror (or rather kded) does ask again after I restart it....
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c5 --- Comment #5 from Wolfgang Bauer <wbauer@tmo.at> --- Setting it to "Accept all cookies" seems to work as expected though. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c6 Wolfgang Bauer <wbauer@tmo.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #6 from Wolfgang Bauer <wbauer@tmo.at> --- I think I know what happens: kcookiejar itself has similar code to read/write the settings string as the settings module. Previously, only the KCM was changed to handle the string with spaces (by removing the spaces), but not kcookiejar itself, i.e. the daemon itself still doesn't recognize the setting "Accept For Session" (with spaces). Now I just wonder how the previous fix ever worked at all though... :-/ I created a "proof of concept" patch to fix it, by making kcookiejar strip the spaces too, like the old fix did for the KCM. Packages are available here: https://download.opensuse.org/repositories/home:/wolfi323:/branches:/openSUS... Please try them and report back if it works then with "Accept For Session" in the config file. (you should reboot after installing the packages to make sure that the old daemon is not running anymore) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c7 --- Comment #7 from Dirk Weber <d_werner@gmx.net> --- (In reply to Wolfgang Bauer from comment #6)
Now I just wonder how the previous fix ever worked at all though... :-/
I found out that on all my productive systems the ~/.config/kcookiejarrc is readonly with timestamps from 2017. I noticed the problem now on a VM for testing Leap 15.2 where it was writable. It seems to store ini values with blanks is an error prone approach. And it seems not many users are using this choice.
I created a "proof of concept" patch to fix it, by making kcookiejar strip the spaces too, like the old fix did for the KCM. Packages are available here: https://download.opensuse.org/repositories/home:/wolfi323:/branches:/ openSUSE:/Leap:/15.2/standard
Please try them and report back if it works then with "Accept For Session" in the config file. (you should reboot after installing the packages to make sure that the old daemon is not running anymore)
I tested your packages. I installed them and rebooted. The setting is stored in the kcookiejarrc with blanks. After starting konqueror again it recognises the setting correctly. After rebooting again it still works correctly. I would say your correction is working. Great, thanks! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c8 Wolfgang Bauer <wbauer@tmo.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #8 from Wolfgang Bauer <wbauer@tmo.at> --- (In reply to Dirk Weber from comment #7)
I found out that on all my productive systems the ~/.config/kcookiejarrc is readonly with timestamps from 2017. Ok, so I'll better check whether Leap 15.1 is also affected (I'm not aware of any bug reports though).
It seems to store ini values with blanks is an error prone approach. Having spaces in the value is not a problem per se, although it actually was never intended here.
What happened was that a translator changed the string in the settings module to contain spaces years ago (2014, during the port to Qt5), without noticing that it is actually written to the config file as well, which broke reading this setting (as the code that compares the value was not changed). https://cgit.kde.org/kio.git/commit/src/kcms/kio/kcookiespolicyselectiondlg.... And the previous fix obviously was not complete. (I'm pretty sure I did test it back then, but that's been a while) Just removing the spaces again (i.e. reverting the original change that caused the problems) would probably not be a good idea either, as the config file may contain it with spaces already.
I tested your packages. I installed them and rebooted. The setting is stored in the kcookiejarrc with blanks. After starting konqueror again it recognises the setting correctly.
After rebooting again it still works correctly.
I would say your correction is working.
Great, thanks! Good to hear. I'll propose the fix upstream first though, but I'll make sure it will land in Leap 15.2.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167985 http://bugzilla.opensuse.org/show_bug.cgi?id=1167985#c9 --- Comment #9 from Dirk Weber <d_werner@gmx.net> --- (In reply to Wolfgang Bauer from comment #8)
And the previous fix obviously was not complete. (I'm pretty sure I did test it back then, but that's been a while)
I am also quite sure I tested your packages then and it worked. Must have been some special scenario in which it was sufficient and maybe the scenario now is slightly different. Maybe you can check whether the string appears somewhere else in the "KDE code base", something like grep -Ri --include='*.cpp' --include='*.h' 'accept[[:blank:]]*for[[:blank:]]*session' . -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com