don't retry with www.{host}, as it's a minor security issue
If www.{host} gets hacked (e.g. through a bad WordPress plugin), the compromise could spread to the Matrix server running on a different host.
parent
160ae0b767
commit
d1412e1f42
@ -22,37 +22,19 @@ function normalizeHomeserver(homeserver) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function getRetryHomeserver(homeserver) {
|
|
||||||
const url = new URL(homeserver);
|
|
||||||
const {host} = url;
|
|
||||||
const dotCount = host.split(".").length - 1;
|
|
||||||
if (dotCount === 1) {
|
|
||||||
url.host = `www.${host}`;
|
|
||||||
return url.origin;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async function getWellKnownResponse(homeserver, request) {
|
async function getWellKnownResponse(homeserver, request) {
|
||||||
const requestOptions = {format: "json", timeout: 30000, method: "GET"};
|
const requestOptions = {format: "json", timeout: 30000, method: "GET"};
|
||||||
let wellKnownResponse = null;
|
try {
|
||||||
while (!wellKnownResponse) {
|
const wellKnownUrl = `${homeserver}/.well-known/matrix/client`;
|
||||||
try {
|
return await request(wellKnownUrl, requestOptions).response();
|
||||||
const wellKnownUrl = `${homeserver}/.well-known/matrix/client`;
|
} catch (err) {
|
||||||
return await request(wellKnownUrl, requestOptions).response();
|
if (err.name === "ConnectionError") {
|
||||||
} catch (err) {
|
// don't fail lookup on a ConnectionError,
|
||||||
if (err.name === "ConnectionError") {
|
// there might be a missing CORS header on a 404 response or something,
|
||||||
const retryHS = getRetryHomeserver(homeserver);
|
// which won't be a problem necessarily with homeserver requests later on ...
|
||||||
if (retryHS) {
|
return null;
|
||||||
homeserver = retryHS;
|
} else {
|
||||||
} else {
|
throw err;
|
||||||
// don't fail lookup on a ConnectionError,
|
|
||||||
// there might be a missing CORS header on a 404 response or something,
|
|
||||||
// which won't be a problem necessarily with homeserver requests later on ...
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
throw err;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
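Review bot: The reason for dropping the www.{host} retry is recorded only in the commit message, so nothing on the new `getWellKnownResponse` tells a later maintainer that a fallback host must not be reintroduced. Per the Matrix spec, the `.well-known/matrix/client` document names the homeserver base URL, so whichever host answers this request presumably decides which server the client then talks to. I would put a comment above the function along the lines of `// Only query the exact host the user entered; never retry against a derived host such as www.{host}, because whoever serves this document chooses the homeserver.` The `ConnectionError` branch still returns `null` silently, so it would also help to state in that comment that `null` means "no discovery result, caller continues with the entered homeserver", if that is what the caller does; the caller is not visible in this hunk. `normalizeHomeserver` starts outside the hunk, so whether `homeserver` is already restricted to an https origin before it is interpolated into `wellKnownUrl` cannot be confirmed from here.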