Thx Amy.
I propose the following handling:
- ad preview: I wrongly assumed the server to signal needed auth via a dedicated http status code (typically 403). But the Mattermost engineers are right, in this redirect scenario that’s not the case. Thus in fact there’s no easy way (I’m aware of) to avoid the preview of the login page.
- ad URL handed to the browser: this is imo the bigger problem and should be easy to fix: just hand the browser (or whatever external application the OS decides to invoke) the original URL.