feat: accept messages from key contacts with forged From address #8382

Open: link2xt wants to merge 1 commit into main from link2xt/lnxsrknwkmnq

link2xt (Collaborator) commented Jul 1, 2026

From address is not used for key contacts
other than as the address to send replies to.

link2xt marked this pull request as ready for review July 1, 2026 11:47
link2xt force-pushed the link2xt/lnxsrknwkmnq branch from 5690577 to 0e6d8c4, July 1, 2026 12:12

link2xt (Collaborator, Author) commented Jul 2, 2026

This likely affects https://github.com/deltachat-bot/deltachat-loginbot, as the bot authenticates the email address, and now the email address during securejoin can come entirely from the protected header that is not checked by the server, so sending vc-request-with-auth to the bot updated with this PR will authenticate as any email address.
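
The concern raised in the comment above, as an added example (not code from this PR or from the loginbot): a bot treats an address as authenticated only when the outer From agrees with the protected From, and otherwise identifies the sender by key alone. The struct, enum and function names are hypothetical, the sample messages are constructed, and it assumes the outer From is the header the server checks.

```rust
// Added illustration: every type and name here is hypothetical.

/// Constructed model of a received, decrypted message.
pub struct Received<'a> {
    /// From on the outer, unencrypted message (assumed: the header the server checks).
    pub outer_from: &'a str,
    /// From inside the encrypted payload; only the sender controls it.
    pub protected_from: &'a str,
    /// Fingerprint of the key that signed the message.
    pub fingerprint: &'a str,
}

#[derive(Debug, PartialEq)]
pub enum Identity {
    /// Outer and protected From agree: usable for address-based login.
    Address(String),
    /// Headers disagree or are empty: the sender is known only by key.
    KeyOnly(String),
}

/// Simplified comparison form: trimmed and ASCII-lowercased.
fn normalize(addr: &str) -> String {
    addr.trim().to_ascii_lowercase()
}

/// Decide what a bot may treat as the sender's authenticated identity.
pub fn identify(msg: &Received<'_>) -> Identity {
    let outer = normalize(msg.outer_from);
    let protected = normalize(msg.protected_from);
    if !outer.is_empty() && outer == protected {
        Identity::Address(protected)
    } else {
        // Never fall back to the protected address: it is sender-chosen.
        Identity::KeyOnly(msg.fingerprint.to_string())
    }
}

fn main() {
    // Constructed samples: one consistent message, one with mismatched headers.
    let honest = Received { outer_from: "alice@example.org",
        protected_from: "Alice@example.org ", fingerprint: "FP-AAAA" };
    let forged = Received { outer_from: "mallory@example.net",
        protected_from: "alice@example.org", fingerprint: "FP-BBBB" };
    println!("{:?}", identify(&honest));
    println!("{:?}", identify(&forged));
}
```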
