https://bugs.kde.org/show_bug.cgi?id=520698
Bug ID: 520698
Summary: Questionable HTTP server running in background
Classification: Applications
Product: NeoChat
Version First Reported In: 26.04.1
Platform: Flatpak
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: General
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Target Milestone: ---
DESCRIPTION
NeoChat appears to have an HTTP server listening on 127.0.0.1:20847 at all
times while the app is running, always on port 20847. The server seems to only
ever respond with the following headers and body:
< HTTP/1.0 200
< Content-type: text/html
<
<html><head><script src="https://www.google.com/recaptcha/api.js" async
defer></script></head><body style="background: #00000000"><center><div
class="g-recaptcha" data-sitekey=""></div></center></body></html>
This appears to be completely independent of the SSO callback, which briefly
spins up a different HTTP server on a different port that is random each time.
I noticed this when troubleshooting bug 519076.
What is the purpose of this always-on HTTP server, and why does it tell the
browser to load Google's reCaptcha?
STEPS TO REPRODUCE
1. Launch NeoChat
2. Run $ ss -tuplen | grep 'neochat'
3. Run $ curl -v http://localhost:20847/
OBSERVED RESULT
Port 20847 is open, an HTTP server belonging to NeoChat is listening on it, and
it serves the aforementioned blank page with Google's reCaptcha embedded.
EXPECTED RESULT
Either no HTTP server running (outside of SSO flow), or, if the app needs the
server for something, no fetching of reCaptcha and other stuff from 3rd party
providers.
SOFTWARE/OS VERSIONS
Operating System: Manjaro Linux
KDE Plasma Version: 6.5.6
KDE Frameworks Version: 6.24.0
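The check from the steps to reproduce, as an added Python example that is not part of the original report or of NeoChat's code: it parses `ss -tuplen` output for listening sockets owned by a process and lists the non-local hosts that a served page would make a browser contact. The `ss` sample is constructed, and the function and class names are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed `ss -tuplen` sample; pid/fd/uid/ino and the sshd and ::1 rows are invented.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      50     127.0.0.1:20847    0.0.0.0:*  users:(("neochat",pid=4242,fd=31)) uid:1000 ino:5001 sk:1 <->
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=900,fd=3)) ino:5002 sk:2 <->
tcp   LISTEN 0      50     [::1]:40123        [::]:*     users:(("neochat",pid=4242,fd=40)) uid:1000 ino:5003 sk:3 <->
"""

# Response body as quoted in the report.
BODY = ('<html><head><script src="https://www.google.com/recaptcha/api.js" async '
        'defer></script></head><body style="background: #00000000"><center><div '
        'class="g-recaptcha" data-sitekey=""></div></center></body></html>')

def listeners_for(ss_text, process):
    """Return (address, port, loopback_only) per LISTEN socket owned by process."""
    found = []
    for line in ss_text.splitlines():
        cols = line.split()
        if "LISTEN" not in cols or f'("{process}"' not in line:
            continue
        local = cols[cols.index("LISTEN") + 3]  # skip Recv-Q and Send-Q
        addr, _, port = local.rpartition(":")   # rpartition keeps IPv6 colons intact
        addr = addr.strip("[]")
        found.append((addr, int(port), addr == "::1" or addr.startswith("127.")))
    return found

class ExternalRefs(HTMLParser):
    """Collect (tag, host) for src/href URLs that name a non-local host."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlparse(value or "").hostname if name in ("src", "href") else None
            if host and host not in ("localhost", "127.0.0.1", "::1"):
                self.hosts.append((tag, host))

def third_party_hosts(body):
    parser = ExternalRefs()
    parser.feed(body)
    return parser.hosts

if __name__ == "__main__":
    print(listeners_for(SS_SAMPLE, "neochat"), third_party_hosts(BODY))
```

On a live system, the text passed to `listeners_for` would be the output of the `ss` command from step 2 and the body would be what `curl` returns in step 3.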