id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
907	Stop caps from leaking to phishing-filter servers	davidsarah	davidsarah	"Some phishing filters send URLs to a filter on some other machine. That's a bad idea and probably not very effective at preventing phishing, but they do it anyway. However, they strip query parts before sending it to the filter (according to Tyler Close and the web calculus documentation).

The webapi accepts URLs of the form {{{http://host:port/uri?uri=...}}}, but it redirects to an URL of the form {{{http://host:port/uri/...}}}. We should prefer to put the cap in the query, and we should probably also allow the shorter form {{{http://host:port/?...}}}."	defect	assigned	minor	eventually	code-frontend-web	1.5.0		capleak integrity confidentiality forward-compatibility newurls docs websec