CORS blocks https://mozilla.org/.well-known/matrix/client #12311
Comments
|
That doesn't look like CSP |
|
especially as riot/desktop official builds don't have the CSP changes yet |
jryans
changed the title
|
Instead of CSP, it looks like this is a CORS issue on Mozilla's side:
So, this seems to be something Mozilla would have to correct on their side. |
|
https://mozilla.org/.well-known/matrix/server needs the CORS too while you're at it |
oops, sorry for misdiagnosing.
Strictly speaking, the /server URI shouldn't need CORS, as clients don't check the server URI. |
|
hmm... so https://www.mozilla.org/.well-known/matrix/client is responding with the proper CORS header, but https://mozilla.org/.well-known/matrix/client isn't when it sends the 302. Is that the problem? I'll see about getting the redirect to send the header. Though it might be easier for the team that owns the redirect to just host the file as well. |
Yes, either the redirect needs to also set the |
|
Since we can't do anything about this on the Riot side and there's an issue tracking it for Mozilla's infrastructure, let's close this one. |
|
Got an update in the bug that this should now be fixed. I do see the proper header on the redirect. Can someone confirm that it works now? |
|
Works for me |
|
yup, confirmed fixed - thanks! |
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
If you try to discover a custom server in Riot/Desktop (e.g. by entering
@foo:mozilla.orgas your mxid), it fails miserably with:The text was updated successfully, but these errors were encountered: