Open Bug 1874805 Opened 5 months ago Updated 5 months ago

Unable to show CardDAV contact photos that requires auth, such as iCloud

Categories

(Thunderbird :: Address Book, defect)

Thunderbird 115
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: etaoin.wu, Unassigned)

Details

Steps to reproduce:

(We will use iCloud as an example.)

  1. Have an Apple ID. Use iCloud contact's web UI to create a contact and upload a photo for them.
  2. Get an app password for the Apple ID. Should look like 12ab-34cd-5678-dcba.
  3. Add iCloud contact as a CardDAV address book in TB. Should use https://contacts.icloud.com/contacts/ as the CardDAV location. The actual CardDAV URL I got is something like https://p123-contacts.icloud.com/12345678901/carddavhome/card/. (not a real link)
  4. Sync the address book. The photo would not display correctly.

Actual results:

The photo can't display correctly; instead the alt text is shown.

Apple's CardDAV API server returns in its vCard an HTTP URL as its PHOTO field, like:

PHOTO;VALUE=URI:https://gateway.icloud.com/contacts/12345678901/ck/card/123
456789abcd12345678abcd1234567

(not a real url)

However, this URL cannot be directly accessed (would return HTTP 401 saying "Missing X-APPLE-WEBAUTH-USER cookie"). After experimentation, I found that the cookie is not really needed; I can use HTTP basic auth with the same credentials as for the CardDAV server (in this case it's the Apple app password, yourappleid@apple.com:12ab-34cd-5678-dcba).

The current implementation directly puts the CardDAV photo URI into an HTML img tag's src field.

Expected results:

I think Thunderbird can make an AJAX request to fetch the image with the credentials and then put the result into an img tag. This will display the image correctly.

(Comparison to other apps: Both Outlook and Windows 10's People app can display the image. They are not Apple's first-party apps!)

Summary: Unable to show CardDAV contact photos that requires auth, like iCloud → Unable to show CardDAV contact photos that requires auth, such as iCloud

Just tested, and eM Client supports it too. TB's CardBook plugin does not support it though.
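
An added sketch of the fetch-with-credentials approach proposed in the report (not Thunderbird's code and not written by the reporter). Because the PHOTO value comes from the card itself, the sketch attaches the address book's Basic credentials only when the URL is HTTPS and inside the account's own domain. The function names, the `account` object shape and the per-address-book `domain` setting are assumptions, and the vCard is a constructed sample built from the placeholder values above.

```javascript
// Constructed sample: the PHOTO line is folded as in RFC 6350
// (a line break followed by a space continues the previous line).
const SAMPLE_VCARD = [
  "BEGIN:VCARD", "VERSION:3.0", "FN:Example Contact",
  "PHOTO;VALUE=URI:https://gateway.icloud.com/contacts/12345678901/ck/card/123",
  " 456789abcd12345678abcd1234567",
  "END:VCARD", ""].join("\r\n");

// Unfold the card and return the raw PHOTO value, or null if there is none.
function photoUri(vcard) {
  const unfolded = vcard.replace(/\r?\n[ \t]/g, "");
  const m = /^(?:[\w-]+\.)?PHOTO(?:;[^:\r\n]*)?:(.+)$/im.exec(unfolded);
  return m ? m[1].trim() : null;
}

// "send": HTTPS and host inside accountDomain, credentials may be attached.
// "anonymous": fetchable, but the password must not go to that host.
// "reject": not an http(s) URL (e.g. inline base64) or carries userinfo.
function credentialPolicy(photoUrl, accountDomain) {
  let u;
  try { u = new URL(photoUrl); } catch { return "reject"; }
  if (!/^https?:$/.test(u.protocol) || u.username || u.password) return "reject";
  const host = u.hostname.toLowerCase();
  const inDomain = host === accountDomain || host.endsWith("." + accountDomain);
  return u.protocol === "https:" && inDomain ? "send" : "anonymous";
}

// Fetch the photo and return a Blob (or null). The caller would display it with
// img.src = URL.createObjectURL(blob) instead of the raw PHOTO URL.
async function loadPhoto(vcard, account, fetchImpl = fetch) {
  const uri = photoUri(vcard);
  const policy = uri ? credentialPolicy(uri, account.domain) : "reject";
  if (policy === "reject") return null;
  const headers = {};
  if (policy === "send") {
    const raw = new TextEncoder().encode(`${account.user}:${account.password}`);
    headers.Authorization = "Basic " + btoa(String.fromCharCode(...raw));
  }
  // redirect: "error" keeps a redirect from carrying the header to another host.
  const resp = await fetchImpl(uri, { headers, credentials: "omit", redirect: "error" });
  const type = resp.headers.get("content-type") || "";
  if (!resp.ok || !/^image\/(jpeg|png|gif|webp)\b/i.test(type)) return null;
  return resp.blob();
}
```

A same-origin check would not work here, since the report shows the CardDAV server and the photo gateway on different hosts of the same domain; that is why the domain is passed in rather than derived from the CardDAV URL.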
