Unable to show iCloud contact photos
When Thunderbird is set to synchronize from an iCloud contact CardDAV, it is unable to show the photos for the contact. I am using TB 115 on Windows (problem is platform independent).
Steps to reproduce
- Have an Apple ID. Use iCloud contact's web UI to create a contact and upload a photo for them.
- Get an app password for the Apple ID.
- Add iCloud contact as a CardDAV address book in TB. Should use https://contacts.icloud.com/contacts/ as the carddav location. The actual carddav URL I got is something like https://p123-contacts.icloud.com/12345678901/carddavhome/card/. (not a real link)
- Sync the address book. The photo would not display correctly.
My investigation
Apple's carddav API server returns in its vcard a HTTP URL as its PHOTO field, like:
PHOTO;VALUE=URI:https://gateway.icloud.com/contacts/12345678901/ck/card/123 456789abcd12345678abcd1234567
(not a real url; you can export the vcard if you have done the above reproducing steps)
However, this URL cannot be directly accessed (would return 401 saying "Missing X-APPLE-WEBAUTH-USER cookie"; see e.g. this github issue). However, the cookie is not really needed; I can use HTTP basic auth with the same credential for the carddav server (in this case it's the apple app password, yourappleid@apple.com:1234-abcd-5678-dcba
).
Potential fix
The current implementation directly puts the carddav photo URI into an HTML img tag. I think Thunderbird can make an AJAX request to fetch the image with the credentials and then put the result into an img tag.
EtaoinWu modificouno o
All Replies (3)
Have you considered filing a bug? https://bugzilla.mozilla.org/home
I really don't think anything useful will be achieved in a peer support forum.
Matt said
Have you considered filing a bug? https://bugzilla.mozilla.org/home I really don't think anything useful will be achieved in a peer support forum.
Filed as https://bugzilla.mozilla.org/show_bug.cgi?id=1874805. Do I need to mark this as solved?
It is not really solved, but marking topics solved allows them to be indexed by search engines. I would mark it as such for that reason. But I will leave it to you.