Mattermost Desktop App Does Not Retain Cookies For SAML Profile Images

Description

Summary

Mattermost desktop application does not render images hosted on SAML connected application.

Environment

  • Mattermost Server 5.22.0

  • Mattermost Desktop 4.4.2 & 4.5.0

Steps to Reproduce

The user is using the Mattermost API to post as a bot user to various teams / channels in their organization.

The API they are using to do this is documented in the Incoming Webhooks.

When they post Markdown that references an image hosted in another SAML-connected application, the image renders as expected in the web client since it appears to send the correct cookies.

Expected Results

The same image hosted on other SAML-connected applications should render as expected in the desktop client as well.

Actual Results

When the same message is viewed in the Mattermost desktop application, the image don't render and it is shown as a broken image icon.

Observation

  • Failure (Desktop 4.4.2)

    • Request

    • Response

    • Empty response content

  • Success (Web Browser)

    • Request

    • Response

    • Response content

       

    • These cookies are missing in the desktop client requests

      • jive.login.type

      • jive.server.info

      • jive.user.loggedIn

      • PLACE_INFO

      • st2

      • X-JCAPI-Token

      • X_JAPP_INSTANCE

       

Workaround

No available workaround except using the web app.

QA Test Steps

None

Mana

None

Assignee

Unassigned

QA Assignee

None

Reporter

Ahmad Danial Mohammad

Epic Link

None

Fix versions

Mattermost Team

Web Platform

Sprint

None

QA Testing Areas

None

GitHub Issue

None

Components

None

Severity

None
Configure