Extend web_client_location to handle absolute URLs (#7006)

Log warning when filesystem path is used.

Signed-off-by: Martin Milata <martin@martinmilata.cz>
Martin Milata 2020-04-03 17:57:34 +02:00 committed by GitHub
parent 334bfdbc90
commit b0db928c63
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 9 deletions

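--- a/changelog.d/7006.feature
+++ b/changelog.d/7006.feature
@@ -0,0 +1 @@
+Extend the `web_client_location` option to accept an absolute URL to use as a redirect. Adds a warning when running the web client on the same hostname as homeserver. Contributed by Martin Milata.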


@ -33,10 +33,15 @@ server_name: "SERVERNAME"
# #
pid_file: DATADIR/homeserver.pid pid_file: DATADIR/homeserver.pid
# The path to the web client which will be served at /_matrix/client/ # The absolute URL to the web client which /_matrix/client will redirect
# if 'webclient' is configured under the 'listeners' configuration. # to if 'webclient' is configured under the 'listeners' configuration.
# #
#web_client_location: "/path/to/web/root" # This option can be also set to the filesystem path to the web client
# which will be served at /_matrix/client/ if 'webclient' is configured
# under the 'listeners' configuration, however this is a security risk:
# https://github.com/matrix-org/synapse#security-note
#
#web_client_location: https://riot.example.com/
# The public-facing base URL that clients use to access this HS # The public-facing base URL that clients use to access this HS
# (not including _matrix/...). This is the same URL a user would # (not including _matrix/...). This is the same URL a user would


@ -241,16 +241,26 @@ class SynapseHomeServer(HomeServer):
resources[SERVER_KEY_V2_PREFIX] = KeyApiV2Resource(self) resources[SERVER_KEY_V2_PREFIX] = KeyApiV2Resource(self)
if name == "webclient": if name == "webclient":
webclient_path = self.get_config().web_client_location webclient_loc = self.get_config().web_client_location
if webclient_path is None: if webclient_loc is None:
logger.warning( logger.warning(
"Not enabling webclient resource, as web_client_location is unset." "Not enabling webclient resource, as web_client_location is unset."
) )
elif webclient_loc.startswith("http://") or webclient_loc.startswith(
"https://"
):
resources[WEB_CLIENT_PREFIX] = RootRedirect(webclient_loc)
else: else:
logger.warning(
"Running webclient on the same domain is not recommended: "
"https://github.com/matrix-org/synapse#security-note - "
"after you move webclient to different host you can set "
"web_client_location to its full URL to enable redirection."
)
# GZip is disabled here due to # GZip is disabled here due to
# https://twistedmatrix.com/trac/ticket/7678 # https://twistedmatrix.com/trac/ticket/7678
resources[WEB_CLIENT_PREFIX] = File(webclient_path) resources[WEB_CLIENT_PREFIX] = File(webclient_loc)
if name == "metrics" and self.get_config().enable_metrics: if name == "metrics" and self.get_config().enable_metrics:
resources[METRICS_PREFIX] = MetricsResource(RegistryProxy) resources[METRICS_PREFIX] = MetricsResource(RegistryProxy)
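Review bot: The new `elif` chooses between redirecting and static serving with a case-sensitive prefix match, so a value such as `HTTPS://client.example.org/` (constructed example) would fall into the `else` branch and be passed to `File(...)` as a filesystem path, which is the mode the new warning discourages. Parsing the value instead, `elif urllib.parse.urlsplit(webclient_loc).scheme in ("http", "https"):`, normalises the scheme's case; doing that check where `web_client_location` is read from the config would also let a malformed value fail at startup rather than during listener setup. The branch accepts `http://` too, so users can be redirected to a client loaded over cleartext; a warning or at least a comment for that case would help operators. The enclosing method starts and ends outside this hunk.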


@ -604,10 +604,15 @@ class ServerConfig(Config):
# #
pid_file: %(pid_file)s pid_file: %(pid_file)s
# The path to the web client which will be served at /_matrix/client/ # The absolute URL to the web client which /_matrix/client will redirect
# if 'webclient' is configured under the 'listeners' configuration. # to if 'webclient' is configured under the 'listeners' configuration.
# #
#web_client_location: "/path/to/web/root" # This option can be also set to the filesystem path to the web client
# which will be served at /_matrix/client/ if 'webclient' is configured
# under the 'listeners' configuration, however this is a security risk:
# https://github.com/matrix-org/synapse#security-note
#
#web_client_location: https://riot.example.com/
# The public-facing base URL that clients use to access this HS # The public-facing base URL that clients use to access this HS
# (not including _matrix/...). This is the same URL a user would # (not including _matrix/...). This is the same URL a user would