From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id gMeFKJdhw2XmzgAAqHPOHw:P1 (envelope-from ) for ; Wed, 07 Feb 2024 11:55:19 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id gMeFKJdhw2XmzgAAqHPOHw (envelope-from ) for ; Wed, 07 Feb 2024 11:55:19 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1707303319; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=8EN3amuBngxEotaeyX/YzEzn9LxJTHQyAx2fjSYVn6M=; b=kn0Np79aIOk45lRv8vivrG0G4BFtgmc+8yPLhN83xLNvLp5bTd4Rg8+UVOtqMScIRIanEw ETDXu9esVuuA1W7YngRxNRL4ihYqDlWy1YKaTX2N4SlmMYsX5bzw0EqmK6/stFLmnDQkCc Fl2wW5LlV3fhzUJ0MOKgQTWFNliaFv4M5tM7ML1rSenFhOCzilU7Q9qqntmvszQS9tcble PX6HRe9VX0sBpP4h6n1HAqlH6z8pHdVT1sTOjIqF09qA+pbgC8iCMQFpQySLvh9vQXFTFB 4eYZtqayHMQ/B6UmIBwgZjZmPHE6Xol8k7tedLSN20jf4oNmPIldUAj4HMSvkg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1707303319; a=rsa-sha256; cv=none; b=G6fRhGwMu1bHgGpRhAbmHMc2aJl6LosxKBkDQ0x1dtXgJR7Z8Tl8WTCbPQ5O/PEXCnnNot WCrLdnKXvXsmcUP8FBZqBfG2/dwIQ2WNgbkOqvJcIqUfsDuMBZtBpqlE+NNEzv4pYniI3Z 32aVPCt1oXelLGhQeVRAH+sG0FMzRYYzXkej9yNVFvue6q0d4Xq23sZUfI1HnUyH4amKX4 t+sL8WN1QXH/Tx+cSjgGV6Uexso7F4AdC5memOylZhXUuJHxUxX95hf3Y9792JrKuqLFgM njjGDm0Q/5bY6HN3Xwq/CZQL82lb97izjaxkrjOjJgVmYmtWhRreDsMPO1Fe9w== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5DE5673CCD for ; Wed, 7 Feb 2024 11:55:19 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rXfZV-0005TB-CI; Wed, 07 Feb 2024 05:54:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rXfZT-0005Sv-Rm for emacs-orgmode@gnu.org; Wed, 07 Feb 2024 05:54:27 -0500 Received: from ciao.gmane.io ([116.202.254.214]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rXfZR-00060G-B5 for emacs-orgmode@gnu.org; Wed, 07 Feb 2024 05:54:26 -0500 Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1rXfZN-000AAk-8H for emacs-orgmode@gnu.org; Wed, 07 Feb 2024 11:54:21 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: emacs-orgmode@gnu.org From: Max Nikulin Subject: [BUG] Org may fetch remote content without asking user consent Date: Wed, 7 Feb 2024 17:54:07 +0700 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Mozilla Thunderbird Content-Language: en-US, ru-RU Received-SPF: pass client-ip=116.202.254.214; envelope-from=geo-emacs-orgmode@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 39 X-Spam_score: 3.9 X-Spam_bar: +++ X-Spam_report: (3.9 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NML_ADSP_CUSTOM_MED=0.9, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URI_HEX=0.1, WEIRD_PORT=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -1.16 X-Migadu-Queue-Id: 5DE5673CCD X-Spam-Score: -1.16 X-Migadu-Scanner: mx11.migadu.com X-TUID: cYfVWByw3Oj7 Consider the following .org file: --- 8< --- #+setupfile: /dav:localhost#8000:/msg-123456.org --- >8 --- When Emacs opens it, HTTP server (plain HTTP, not WebDAV is used for test) logs contain python3 -m http.server 8000 Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... 127.0.0.1 - - [07/Feb/2024 17:34:52] code 501, message Unsupported method ('OPTIONS') 127.0.0.1 - - [07/Feb/2024 17:34:52] "OPTIONS /msg-123456.org HTTP/1.1" 501 - 127.0.0.1 - - [07/Feb/2024 17:34:52] code 501, message Unsupported method ('OPTIONS') 127.0.0.1 - - [07/Feb/2024 17:34:52] "OPTIONS /msg-123456.org HTTP/1.1" 501 - Emacs *Messages* buffer: Tramp: Opening connection for localhost using dav...failed Unable to read file "/dav:localhost#8000:/msg-123456.org" Tramp: Opening connection for localhost using dav...failed Unable to read file "/dav:localhost#8000:/msg-123456.org" No dialog whether the file should be downloaded is displayed. My expectation is that Org should not connect to remote servers in default configuration unless it is explicitly approved by the user. I am unsure what user option may be changed to mitigate the issue. - Debian 12 bookworm - Org commit 18d98e - gvfs-backends (dependency of gnome-core) package is installed