[Bug 1372199] Re: in emails, unsubscribe links should not react to HTTP HEAD requests
Mark Sapiro
mark at msapiro.net
Mon Sep 22 02:12:53 CEST 2014
There are a few issues here. First, the unsubscribe URL in your example
is not sent in the standard welcome message. The standard message
contains only something like

    If you ever want to unsubscribe or change your options (eg, switch to or
    from digest mode, change your password, etc.), visit your subscription
    page at:

        http://example.com/mailman/options/user%40example.net

without the login-unsub fragment. Your installation has modified the
subscribeack.txt template on a per-list, per-domain or sitewide basis to
add the login-unsub fragment.

That notwithstanding, your point about a HEAD request on the URL is
valid and I will fix this, but I will still allow GET. In theory this
really should be only a POST from the options login page, but it is well
known and widely used to put such URLs in list message headers or
footers as unsubscribe links, so disallowing GET would be too
disruptive.

** Changed in: mailman
Importance: Undecided => Medium
** Changed in: mailman
Status: New => In Progress
** Changed in: mailman
Milestone: None => 2.1.19
** Changed in: mailman
Assignee: (unassigned) => Mark Sapiro (msapiro)
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1372199
Title:
in emails, unsubscribe links should not react to HTTP HEAD requests
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1372199/+subscriptions
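
The method check discussed in the message above, as an added example that is not part of the original message and is not Mailman's code. The handler name, the `on_unsubscribe` callback and the URL layout (address as the last path segment, `login-unsub` as a query parameter) are assumptions for illustration.

```python
from urllib.parse import parse_qs, unquote

# Methods allowed to trigger the action. GET stays allowed because such URLs
# are widely used as unsubscribe links in message headers and footers.
ACTION_METHODS = {"GET", "POST"}


def handle_options_request(environ, on_unsubscribe):
    """Handle a CGI-style request for a member options URL.

    environ        -- dict with REQUEST_METHOD, PATH_INFO, QUERY_STRING
    on_unsubscribe -- hypothetical callback invoked with the member address
    Returns (status_line, action_triggered).
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    address = unquote(environ.get("PATH_INFO", "").rsplit("/", 1)[-1])

    if method == "HEAD":
        # Link checkers and mail scanners probe URLs with HEAD. Answer with
        # headers only and never change subscription state.
        return "200 OK", False
    if method not in ACTION_METHODS:
        return "405 Method Not Allowed", False
    if "login-unsub" in query and address:
        on_unsubscribe(address)
        return "200 OK", True
    # Plain visit to the options page: nothing to do.
    return "200 OK", False


if __name__ == "__main__":
    # Constructed sample requests against the same URL.
    triggered = []
    for method in ("HEAD", "GET"):
        env = {
            "REQUEST_METHOD": method,
            "PATH_INFO": "/user%40example.net",
            "QUERY_STRING": "login-unsub=Unsubscribe",
        }
        print(method, handle_options_request(env, triggered.append))
    print("unsubscribe requested for:", triggered)
```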