starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 21:15:56 +03:00

[GH-ISSUE #1161] "Always allow from this sender" won't stick after logout then login #591

New issue

Closed

opened 2026-02-25 21:35:27 +03:00 by kerem · 18 comments

kerem commented

2026-02-25 21:35:27 +03:00

Owner

Originally created by @europacafe on GitHub (Aug 12, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1161

Originally assigned to: @Shadow243, @mercihabam on GitHub.

Cypht 2.1.0 + stalwart mail server

I understand that once I press "Always allow from this sender" for one mail (and it works for that mail), then I click to view another mail with the exact same sender (same email address), it should have shown the message images right away (I did this within the same Cypht login session), but sometimes I have to press "Always allow from this sender" again for the second mail.
I understand that upon allowing the sender, the sender's email address will be automatically populated in a sender whitelist.

I could not recognize the pattern of this issue.

Another relevant question is, should the auto-populated whitelist persist through subsequent Cypht login sessions without performing "Settings-->Save" on the previous session?

Originally created by @europacafe on GitHub (Aug 12, 2024). Original GitHub issue: https://github.com/cypht-org/cypht/issues/1161 Originally assigned to: @Shadow243, @mercihabam on GitHub. Cypht 2.1.0 + stalwart mail server I understand that once I press "Always allow from this sender" for one mail (and it works for that mail), then I click to view another mail with the exact same sender (same email address), it should have shown the message images right away (I did this within the same Cypht login session), but sometimes I have to press "Always allow from this sender" again for the second mail. I understand that upon allowing the sender, the sender's email address will be automatically populated in a sender whitelist. ![image](https://github.com/user-attachments/assets/3ecc4cce-d286-47ad-a1dc-367229458c0a) I could not recognize the pattern of this issue. Another relevant question is, should the auto-populated whitelist persist through subsequent Cypht login sessions without performing "Settings-->Save" on the previous session?

kerem closed this issue

2026-02-25 21:35:27 +03:00

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Aug 13, 2024):

@europacafe The issue you just mentionned might have been introduced by some other new features or fixes to the codebase, this used to work how you just explained it. I should check to confirm.

Another relevant question is, should the auto-populated whitelist persist through subsequent Cypht login sessions without performing "Settings-->Save" on the previous session?

The Settings save action does interact with everything related to the preferences of the application, not specifically the incoming data of emails, thus, implying that, whether external images are shown or not within the content of a message isn't a preference that should get saved as a session value, but instead, we leave to the user's browser to decide whether the resource is appropriate to be displayed or not. So yes, the whitelist should persist through subsequent logins.

@mercihabam commented on GitHub (Aug 13, 2024): @europacafe The issue you just mentionned might have been introduced by some other new features or fixes to the codebase, this used to work how you just explained it. I should check to confirm. > Another relevant question is, should the auto-populated whitelist persist through subsequent Cypht login sessions without performing "Settings-->Save" on the previous session? The Settings save action does interact with everything related to the preferences of the application, not specifically the incoming data of emails, thus, implying that, whether external images are shown or not within the content of a message isn't a preference that should get saved as a session value, but instead, we leave to the user's browser to decide whether the resource is appropriate to be displayed or not. So yes, the whitelist should persist through subsequent logins.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Aug 13, 2024):

https://github.com/cypht-org/cypht/pull/1166 should fix.

@mercihabam commented on GitHub (Aug 13, 2024): https://github.com/cypht-org/cypht/pull/1166 should fix.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@marclaporte commented on GitHub (Aug 19, 2024):

@Shadow243 Please advise

@marclaporte commented on GitHub (Aug 19, 2024): @Shadow243 Please advise

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@europacafe commented on GitHub (Aug 20, 2024):

Thanks. Just to inform docker image v2.2.0 still has this issue.

@europacafe commented on GitHub (Aug 20, 2024): Thanks. Just to inform docker image v2.2.0 still has this issue.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@Shadow243 commented on GitHub (Aug 20, 2024):

docker image v2.2.0 still has this issue.

Copy that, working on it. Thanks.

@Shadow243 commented on GitHub (Aug 20, 2024): > docker image v2.2.0 still has this issue. Copy that, working on it. Thanks.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@Shadow243 commented on GitHub (Aug 20, 2024):

@Shadow243 Please advise

@Baraka24 i just merged this https://github.com/cypht-org/cypht/pull/1166 to master, can you confirm if it solved this issue please ?

@Shadow243 commented on GitHub (Aug 20, 2024): > @Shadow243 Please advise @Baraka24 i just merged this [https://github.com/cypht-org/cypht/pull/1166](https://github.com/cypht-org/cypht/pull/1166) to master, can you confirm if it solved this issue please ?

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@Baraka24 commented on GitHub (Aug 20, 2024):

I have tested with amailprivacytester. @Shadow243 It works.

@Baraka24 commented on GitHub (Aug 20, 2024): I have tested with amailprivacytester. @Shadow243 It works.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@europacafe commented on GitHub (Sep 1, 2024):

The issue is still there with 2.3.0 docker.
I use Stalwart mail server.

@europacafe commented on GitHub (Sep 1, 2024): The issue is still there with 2.3.0 docker. I use Stalwart mail server.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@Shadow243 commented on GitHub (Sep 1, 2024):

The issue is still there with 2.3.0 docker. I use Stalwart mail server.

Oh copy that, I reopen. Thanks for the feedback

@Shadow243 commented on GitHub (Sep 1, 2024): > The issue is still there with 2.3.0 docker. I use Stalwart mail server. Oh copy that, I reopen. Thanks for the feedback

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Sep 3, 2024):

The issue is still there with 2.3.0 docker. I use Stalwart mail server.

@europacafe I don't know what commits are in there but, have you tried on master? If it behaves as unintended also, could you share the content of the email subjective of the issue with me if you consider it not confidential? So I could assist you better!

@mercihabam commented on GitHub (Sep 3, 2024): > The issue is still there with 2.3.0 docker. I use Stalwart mail server. @europacafe I don't know what commits are in there but, have you tried on master? If it behaves as unintended also, could you share the content of the email subjective of the issue with me if you consider it not confidential? So I could assist you better!

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@europacafe commented on GitHub (Sep 3, 2024):

Sorry, I still can't docker build from master successfully.

I found that once I allow image display from a mail address for the first mail, the other mails from the same sender will open images automatically. However, the "allow" permission won't survive after I logout and login again. So basically the "allow" permission is just temporary for that login session only.

@europacafe commented on GitHub (Sep 3, 2024): Sorry, I still can't docker build from master successfully. I found that once I allow image display from a mail address for the first mail, the other mails from the same sender will open images automatically. However, the "allow" permission won't survive after I logout and login again. So basically the "allow" permission is just temporary for that login session only.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@Shadow243 commented on GitHub (Sep 3, 2024):

Sorry, I still can't docker build from master successfully.

docker compose -f docker-compose.dev.yaml up will run in dev mode.

@Shadow243 commented on GitHub (Sep 3, 2024): > Sorry, I still can't docker build from master successfully. `docker compose -f docker-compose.dev.yaml up` will run in dev mode.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@europacafe commented on GitHub (Sep 4, 2024):

Sorry, I still can't docker build from master successfully.

I found that once I allow image display from a mail address for the first mail, the other mails from the same sender will open images automatically. However, the "allow" permission won't survive after I logout and login again. So basically the "allow" permission is just temporary for that login session only.

I've successfully built the latest image based on the current master. The problem is still there.

@europacafe commented on GitHub (Sep 4, 2024): > Sorry, I still can't docker build from master successfully. > > I found that once I allow image display from a mail address for the first mail, the other mails from the same sender will open images automatically. However, the "allow" permission won't survive after I logout and login again. So basically the "allow" permission is just temporary for that login session only. I've successfully built the latest image based on the current master. The problem is still there.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Sep 5, 2024):

@europacafe I think this ticket has drifted. The new issue you're raising—I'm not sure whether it's actually a matter of concern or not. I'm skeptical about whether the allowed resources should persist after logout or not. Let's see what others have to say about this.

@mercihabam commented on GitHub (Sep 5, 2024): @europacafe I think this ticket has drifted. The new issue you're raising—I'm not sure whether it's actually a matter of concern or not. I'm skeptical about whether the allowed resources should persist after logout or not. Let's see what others have to say about this.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@europacafe commented on GitHub (Sep 5, 2024):

Thanks. Just FYI, I am also running Snappymail container accessing the same Stalwart mail server. Its "allow from sender" sticks permanently once allowed. Snappymail automatically populates the allowed sender into its whitelist which makes it stick across sessions.

@europacafe commented on GitHub (Sep 5, 2024): Thanks. Just FYI, I am also running Snappymail container accessing the same Stalwart mail server. Its "allow from sender" sticks permanently once allowed. Snappymail automatically populates the allowed sender into its whitelist which makes it stick across sessions. ![image](https://github.com/user-attachments/assets/00c9695e-dc66-47d1-a2cb-005993dc5ba2)

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@marclaporte commented on GitHub (Sep 28, 2024):

When I click "Always allow from this sender", I expect it to work until I remove the sender. In Cypht standalone, this will, I presume, require me to save the settings, which requires me to enter password to encrypt the new data.

If it was not "permanent", I would expect a button like "Allow from this sender for this session".

@marclaporte commented on GitHub (Sep 28, 2024): When I click "Always allow from this sender", I expect it to work until I remove the sender. In Cypht standalone, this will, I presume, require me to save the settings, which requires me to enter password to encrypt the new data. If it was not "permanent", I would expect a button like "Allow from this sender for this session".

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Oct 22, 2024):

A message indicating that the action is session-limited has been added via https://github.com/cypht-org/cypht/pull/1295. However, there is still a need to ensure that whitelisted users are saved along with the settings.

@mercihabam commented on GitHub (Oct 22, 2024): A message indicating that the action is session-limited has been added via https://github.com/cypht-org/cypht/pull/1295. However, there is still a need to ensure that whitelisted users are saved along with the settings.

kerem commented

2026-02-25 21:35:27 +03:00

Author

Owner

@mercihabam commented on GitHub (Oct 30, 2024):

https://github.com/cypht-org/cypht/pull/1299 has added the whitelist setting to the config object, allowing it to stick after logout with the saved user's settings after they have been restored.

@mercihabam commented on GitHub (Oct 30, 2024): https://github.com/cypht-org/cypht/pull/1299 has added the whitelist setting to the config object, allowing it to stick after logout with the saved user's settings after they have been restored.

kerem referenced this issue

2026-02-25 21:36:38 +03:00

[PR #591] [MERGED] Stop reuse of server ids #914