Skip to content
This repository has been archived by the owner on Nov 25, 2024. It is now read-only.

Authenticated media requires authentication even on OPTIONS method #3424

Closed
arenekosreal opened this issue Sep 16, 2024 · 0 comments · Fixed by #3431
Closed

Authenticated media requires authentication even on OPTIONS method #3424

arenekosreal opened this issue Sep 16, 2024 · 0 comments · Fixed by #3431

Comments

@arenekosreal
Copy link
Contributor

Background information

  • Dendrite version or git SHA: 0.13.8
  • SQLite3 or Postgres?: postgres
  • Running in Docker?: no
  • go version: 1.23.1
  • Client used (if applicable): Cinny web 4.2.1 on ungoogled-chromium 128.0.6613.113

Description

  • What is the problem: Cinny fails to load all media through MSC3916 endpoints.
  • Who is affected: Me
  • How is this bug manifesting: In chromium's developer tools, all media requests through MSC3916 endpoints failed to perform correctly.
  • When did this first appear: after Cinny upgraded to 4.2.1 and dendrite upgraded to 0.13.8

Steps to reproduce

  • Ensure Cinny web version is 4.2.1 and dendrite version is 0.13.8
  • Simply login and check media like avatars or images in chat.
  • You will find those media failed to load.
  • Check developer tools in browser for the requests to the media
  • You will find GET request failed with net::ERR_FAILED, fetch request failed with CORS error, preflight request failed with 401 Unauthorized

Screenshots of developer tools

image

Notes

According to this stackoverflow answer, authentication in preflight requests is not possible, so this may be the cause.
@arenekosreal arenekosreal mentioned this issue Sep 20, 2024
Merged
2 tasks
@makidoll makidoll mentioned this issue Oct 1, 2024
Open
This was referenced Nov 2, 2024
Closed
Open
@Lunaphied Lunaphied mentioned this issue Dec 4, 2024
Closed
neilalexander pushed a commit to neilalexander/harmony that referenced this issue Dec 5, 2024
@arenekosreal @neilalexander
Make OPTIONS method on MSC3916 endpoints available without auth (#3431)
7023960 
OPTIONS method is usually sent by browser in preflight requests, most of
the time we cannot control preflight request to add auth header.

Synapse will return a 204 response directly without authentication for
those OPTIONS method.

According to firefox's documentation, both 200 and 204 are acceptable so
I think there is no need to change handler in dendrite.

This closes matrix-org/dendrite#3424

No need to add a test because this is just a fix and I have tested on my
Cinny Web client personally.

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off below using a legally
identifiable
name](https://matrix-org.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `arenekosreal
<17194552+arenekosreal@users.noreply.github.com>`

Signed-off-by: arenekosreal <17194552+arenekosreal@users.noreply.github.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make OPTIONS method on MSC3916 endpoints available without auth
1 participant
@arenekosreal