Skip to content

Route chatbot-support mailto through Help WebView log-attach flow#5262

Open
joashrajin wants to merge 1 commit into
Automattic:mainfrom
joashrajin:feat/help-webview-chatbot-support-recipient
Open

Route chatbot-support mailto through Help WebView log-attach flow#5262
joashrajin wants to merge 1 commit into
Automattic:mainfrom
joashrajin:feat/help-webview-chatbot-support-recipient

Conversation

@joashrajin
Copy link
Copy Markdown
Contributor

@joashrajin joashrajin commented Apr 30, 2026

Summary

The Ask AI widget on support.pocketcasts.com is moving from mailto:support@pocketcasts.com to mailto:chatbot-support@pocketcasts.com so AI-originated tickets land in a separate inbox.

Today, when a user taps the widget's "contact us here" link inside the in-app Help WebView, HelpWebViewClient intercepts the mailto and routes it through Support.shareLogs(), which builds an Intent.ACTION_SEND with debug.txt attached. The to-address is hardcoded to support@pocketcasts.com, and the allowlist of mailto URLs only contains support@shiftyjelly.com and support@pocketcasts.com. So once the widget switches to chatbot-support@, the WebView would stop recognizing the link, fall through to onTapUri(), and the user would email the chatbot inbox without debug logs attached.

This PR makes the recipient address configurable end-to-end while preserving existing behaviour for every other caller of shareLogs().

Changes

  • HelpPage.kt — replaced the prefix-match contactSupportAction list with an exact-recipient Set<String> (supportRecipients) that now includes chatbot-support@pocketcasts.com. Parses the recipient from the matched mailto URL and passes it through. Falls back to onTapUri() for any mailto whose recipient isn't in the set. The WebViewError "Contact support" button (shown when the help page fails to load) explicitly uses support@pocketcasts.com.
  • HelpViewModel.getSupportIntent() — accepts an optional recipient: String (default support@pocketcasts.com) and forwards it.
  • Support.shareLogs() — adds an optional recipient: String parameter (default support@pocketcasts.com) and uses it for Intent.EXTRA_EMAIL instead of the hardcoded address. Other callers (LogsViewModel, StatusViewModel, the getFeedbackIntent path, and emailWearLogsToSupportIntent) are unaffected via the default.

Security note

The previous contactSupportAction.any { url.startsWith(it) } check matched by prefix, so mailto:support@pocketcasts.com.evil.com would also match. This was harmless before because the to-address was hardcoded — but parsing the recipient from the URL would have made it exploitable. This PR tightens to exact-equality matching against the supportRecipients set.

Test plan

  • In the Pocket Casts Android app, open Settings → Help & Feedback → Ask AI.
  • Send a message, then tap the "contact us here" link in the assistant's reply.
  • Confirm the email composer opens with chatbot-support@pocketcasts.com in the To field and debug.txt attached.
  • Tap the regular "Contact support" button on the Help page (not via the widget) and confirm the email composer opens with support@pocketcasts.com and debug.txt attached (regression check).
  • In the standalone Logs screen (Settings → Help → ⋮ → View Logs → Share), confirm the email goes to support@pocketcasts.com (regression check).
  • Force the Help WebView to fail to load (airplane mode), tap the "Contact support" error button, confirm the email goes to support@pocketcasts.com (regression check).
  • Tap a mailto link in the WebView whose recipient is not in supportRecipients and confirm it falls through to the system email composer (no log attachment, no crash).

Related

Coordinated with the support team's move to a dedicated chatbot-support@pocketcasts.com inbox for AI-originated tickets. The widget HTML change (swapping the rendered mailto: href) is being made separately on the support site.

Draft until the widget swap is timed.

@joashrajin
Route chatbot-support mailto through Help WebView log-attach flow
103a05a 
The AI widget on support.pocketcasts.com now uses
mailto:chatbot-support@pocketcasts.com so AI-originated tickets
land in a separate inbox. Without this change, the WebView
client at HelpPage.kt did not recognize that address and the
mailto fell through to the system email composer with no
debug.txt attached.

- Add chatbot-support@pocketcasts.com to the recognized support
  recipient set in HelpPage.kt
- Tighten mailto matching from prefix-startsWith (which would
  also match attacker-controlled mailto:support@pocketcasts.com.evil.com)
  to exact recipient equality
- Thread the parsed recipient through HelpWebViewClient ->
  HelpViewModel.getSupportIntent -> Support.shareLogs so the
  intent's EXTRA_EMAIL reflects the URL the user tapped
- Other shareLogs callers (LogsViewModel, StatusViewModel,
  HelpViewModel feedback path, wear logs) continue to default
  to support@pocketcasts.com via parameter defaults
Copilot AI review requested due to automatic review settings April 30, 2026 11:42
Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the in-app Help WebView mailto interception so that “Ask AI” contact links can route to a new chatbot-support@pocketcasts.com inbox while still attaching debug logs, without changing behavior for existing support/log-sharing entry points.

Changes:

  • Make the support email recipient configurable through HelpPage -> HelpViewModel -> Support.shareLogs.
  • Tighten Help WebView mailto handling to exact-recipient allowlisting (and add chatbot-support@pocketcasts.com).
  • Keep the Help-page load error “Contact support” button targeting support@pocketcasts.com.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
modules/services/repositories/src/main/java/au/com/shiftyjelly/pocketcasts/repositories/support/Support.kt Adds optional recipient parameter to shareLogs() and uses it for Intent.EXTRA_EMAIL.
modules/features/settings/src/main/java/au/com/shiftyjelly/pocketcasts/settings/viewmodel/HelpViewModel.kt Threads optional recipient through getSupportIntent() to Support.shareLogs().
modules/features/settings/src/main/java/au/com/shiftyjelly/pocketcasts/settings/HelpPage.kt Parses mailto recipient in HelpWebViewClient, allowlists recipients (including chatbot-support), and passes recipient into support flow.

@joashrajin
Copy link
Copy Markdown
Contributor Author

joashrajin commented Apr 30, 2026

Some context on p1777549631343759/1774527906.406489-slack-C06DGE41ENN

@joashrajin joashrajin self-assigned this Apr 30, 2026
@joashrajin joashrajin marked this pull request as ready for review April 30, 2026 16:14
@joashrajin joashrajin requested a review from a team as a code owner April 30, 2026 16:14
@joashrajin joashrajin requested review from sztomek and removed request for a team April 30, 2026 16:14
@joashrajin joashrajin mentioned this pull request Apr 30, 2026
Draft
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sztomek sztomek Awaiting requested review from sztomek sztomek is a code owner automatically assigned from Automattic/pocket-casts-android

At least 1 approving review is required to merge this pull request.

Assignees

@joashrajin joashrajin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joashrajin