don't retry with www.{host}, as it's a minor security issue

if www.host gets hacked (e.g. a bad wordpress plugin), it could spread to the matrix server running on a different host.
2021-08-23 20:05:42 +02:00 · 2021-08-23 20:05:42 +02:00 · d1412e1f42
parent 160ae0b767
commit d1412e1f42
1 changed files with 11 additions and 29 deletions
--- a/src/matrix/well-known.js
+++ b/src/matrix/well-known.js
@ -22,37 +22,19 @@ function normalizeHomeserver(homeserver) {
    }
 }

-function getRetryHomeserver(homeserver) {
-    const url = new URL(homeserver);
-    const {host} = url;
-    const dotCount = host.split(".").length - 1;
-    if (dotCount === 1) {
-        url.host = `www.${host}`;
-        return url.origin;
-    }
-}
-
 async function getWellKnownResponse(homeserver, request) {
    const requestOptions = {format: "json", timeout: 30000, method: "GET"};
-    let wellKnownResponse = null;
-    while (!wellKnownResponse) {
-        try {
-            const wellKnownUrl = `${homeserver}/.well-known/matrix/client`;
-            return await request(wellKnownUrl, requestOptions).response();
-        } catch (err) {
-            if (err.name === "ConnectionError") {
-                const retryHS = getRetryHomeserver(homeserver);
-                if (retryHS) {
-                    homeserver = retryHS;
-                } else {
-                    // don't fail lookup on a ConnectionError,
-                    // there might be a missing CORS header on a 404 response or something,
-                    // which won't be a problem necessarily with homeserver requests later on ...
-                    return null;
-                }
-            } else {
-                throw err;
-            }
+    try {
+        const wellKnownUrl = `${homeserver}/.well-known/matrix/client`;
+        return await request(wellKnownUrl, requestOptions).response();
+    } catch (err) {
+        if (err.name === "ConnectionError") {
+            // don't fail lookup on a ConnectionError,
+            // there might be a missing CORS header on a 404 response or something,
+            // which won't be a problem necessarily with homeserver requests later on ...
+            return null;
+        } else {
+            throw err;
        }
    }
 }