ponymail-mcp: land users on the list after OAuth login, not the paste form PonyMail's oauth.html stores document.referrer in sessionStorage on load and redirects the user back to it after OAuth completes (falling back to the list index "./" only when there is no referrer). Because the login helper page is served from http://localhost, that localhost URL became the stored origin, so after authenticating the user was bounced straight back to the still-open paste form instead of the mailing list. Add rel="noreferrer" to the step-1 link so no referrer is sent; PonyMail's empty-origin fallback then lands the user on the real lists.apache.org list index. Generated-by: Claude Code 2.1.173 (Claude Opus 4.8)
diff --git a/mcp/ponymail-mcp/auth.js b/mcp/ponymail-mcp/auth.js index 1467c73..d06a014 100644 --- a/mcp/ponymail-mcp/auth.js +++ b/mcp/ponymail-mcp/auth.js
@@ -321,6 +321,13 @@ // --------------------------------------------------------------------------- export function loginPage(baseUrl) { + // PonyMail's oauth.html stashes document.referrer in sessionStorage on load + // and, after OAuth completes, redirects the user back to it (falling back to + // the list index "./" when there is no referrer). Since this helper page is + // served from http://localhost, an un-suppressed referrer would bounce the + // user straight back to *this* paste form after they log in. The step-1 link + // therefore carries rel="noreferrer" so PonyMail lands them on the real + // lists.apache.org index instead. const oauthUrl = `${baseUrl}/oauth.html`; const hostname = new URL(baseUrl).hostname; const autoOn = autoExtractEnabled(); @@ -408,7 +415,7 @@ <div class="step-body"> <h2>Log in to ${hostname}</h2> <p>Skip if you're already logged in there.</p> - <a class="openlink" href="${oauthUrl}" target="_blank">Open ${hostname} →</a> + <a class="openlink" href="${oauthUrl}" target="_blank" rel="noreferrer">Open ${hostname} →</a> </div> </div>