Unable to deploy .well-known file to disable E2EE by default. Consider config.json alternative #14079
Comments
It is not a config.json option. What do your user names look like, |
Hence my request to please add such an option.
They're just |
Product team specifically said well-known only
Then your well-known URL is wrong;
It should be |
As I explained corporate.local points to the active directory domain controllers on which I don't want and won't install an additional web server in any form. I'm pretty sure I'm not the only one with that problem. |
|
Sorry, missed that. Well as per the Matrix spec, that is the only place the well-known is looked up. |
Maybe the product team could reconsider it's decision as there obviously seem to exist use cases for that. I fail to see where having an additional configure option would hurt. |
|
It wouldn't apply to riot-android, riotX-android, riot-ios the mobile clients have no equivalent of config.json so a feature-parity mismatch was chosen against by Product |
Which wouldn't be a problem (in our case) as I can and have configured a proper https://corporate.local/.well-known/matrix/client reachable from the outside/internet perfectly well. We could argue how stupid it is to have the same domain internally and externally but it's how it was done and out of my control. |
jryans
changed the title
|
We'll track this as a suggestion for now. I would helpful to hear from other deployments that might also be in this situation of being unable to deploy .well-known so we can consider alternative options. |
t3chguy
changed the title
|
oops, didn't realise you already changed |
t3chguy
changed the title
+1 for us. Please understand that not all sysadmins out there can easily accomplish such a requirement. Since we are discussing about element-web here, it would be so far more simple to make this setting available in the |
|
Does the io.element.e2ee setting do anything in the client these days? I've been trying to get this to work, but have had no luck, client doesn't seem to retrieve .well-known file at all, and if I grep through the element-web codebase for e2ee, the only hits I get are in the docs MD files and changelog. (This may be me not understanding to source structure, but I do find it quite odd) |
|
Thanks for the super-speedy reply :) I do have a small followup question. When does Element-web query those? Is it only done on login, or should it be every time I open the client after having closed the tab/browser? Having my apache logs open, I get no hits on the well-known file, not even 404s |
|
It does it at app launch and every 2h whilst running. |
|
Yes, I found that info in some other threads, users are @user:sub.domain.tld and server is running at sub.domain.tld I'm looking at a combined log for both sub.domain.tld and domain.tld, just in case. |
|
I suggest looking at the client's/browser's Network log instead, as that's the only one that is guaranteed, there's many things in the path of the network which could go awry. |
|
I can see it does find the .well-known file in the network log, and it is io.element.e2ee that is the correct key, as per https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md? Am I on the other hand wrong in understanding that it should have a visual impact in the client? Can I check somewhere that the client has gotten the key? |
|
In the |
|
I can see the toggle in the Create Room (I think this was always the case, though), but direct conversations are still encrypted upon creation. EDIT: Removed link |
Is that toggle (e2ee) on or off by default though? |
|
On by default here as well, when I open create room. And, there are no toggles when connecting to "People", I just get a conversation looking like this
|
|
What do you get when you run |
|
I get an empty object, {} Can this be CORS related, the client is running on (EDIT: Removed link), but I can see the request for the well-known file in the network tab, and there is the expected data in the response. |
|
Yeah if the request in the network tab is successful then I'd expect it to be in |
|
I think maybe my browser have this cached, if I try in another browser, I actually do get a CORS error. Man, this one is all on me, thank you so much for your help, and sorry to have wasted your time. Maybe I should write a bridge to chat via GitHub issue comments ;) |
|
I am running into this. I can't use I have tried putting the Please move configuration options somewhere where every spec-following deployment can set them. |
What makes you spec-following distinctly vs someone who hosts a |
|
I did say every spec-following deployments... I am not asking you to choose... I am not asking you to stick with using the server-discovery mechanism to publish those settings either. If it can't be done that way, maybe do it a different way, such as |
|
I have made a small attempt to update the synapse documentation to be more explicit about this particular topic, would love to get this audience's eyes on it to make sure this might help eliminate confusion in the future: matrix-org/synapse#14959 |
Description
Trying to implement #13914 I run into an issue.
I've added the json section in https://matrix.corporate.local/.well-known/matrix/client:
{"m.homeserver": {"base_url": "https://matrix.corporate.local/"}, "m.identity_server": {"base_url": "https://matrix.corporate.local"}, "im.vector.riot.e2ee": {"default": false}}and also in config.json of riot
Now my question is if that isn't enough and if not if we could please have the option to specify this via config.json of riot as well since that doesn't seem to work right now(?).
Because our synapse is running on matrix.corporate.local in a corporate environment where corporate.local points to the active directory servers on which I can't and also don't want to run a webserver to just serve a .well-known for the domain.
Steps to reproduce
Version information
For the web app:
The text was updated successfully, but these errors were encountered: