From d1412e1f425922a65ce73b17430669329ed9639a Mon Sep 17 00:00:00 2001 From: Bruno Windels Date: Mon, 23 Aug 2021 20:05:42 +0200 Subject: [PATCH] don't retry with www.{host}, as it's a minor security issue if www.host gets hacked (e.g. a bad wordpress plugin), it could spread to the matrix server running on a different host. --- src/matrix/well-known.js | 40 +++++++++++----------------------------- 1 file changed, 11 insertions(+), 29 deletions(-) diff --git a/src/matrix/well-known.js b/src/matrix/well-known.js index c29939c2..00c91f27 100644 --- a/src/matrix/well-known.js +++ b/src/matrix/well-known.js @@ -22,37 +22,19 @@ function normalizeHomeserver(homeserver) { } } -function getRetryHomeserver(homeserver) { - const url = new URL(homeserver); - const {host} = url; - const dotCount = host.split(".").length - 1; - if (dotCount === 1) { - url.host = `www.${host}`; - return url.origin; - } -} - async function getWellKnownResponse(homeserver, request) { const requestOptions = {format: "json", timeout: 30000, method: "GET"}; - let wellKnownResponse = null; - while (!wellKnownResponse) { - try { - const wellKnownUrl = `${homeserver}/.well-known/matrix/client`; - return await request(wellKnownUrl, requestOptions).response(); - } catch (err) { - if (err.name === "ConnectionError") { - const retryHS = getRetryHomeserver(homeserver); - if (retryHS) { - homeserver = retryHS; - } else { - // don't fail lookup on a ConnectionError, - // there might be a missing CORS header on a 404 response or something, - // which won't be a problem necessarily with homeserver requests later on ... - return null; - } - } else { - throw err; - } + try { + const wellKnownUrl = `${homeserver}/.well-known/matrix/client`; + return await request(wellKnownUrl, requestOptions).response(); + } catch (err) { + if (err.name === "ConnectionError") { + // don't fail lookup on a ConnectionError, + // there might be a missing CORS header on a 404 response or something, + // which won't be a problem necessarily with homeserver requests later on ... + return null; + } else { + throw err; } } }