Get rid of dependence on usercontent.riot.im

This commit is contained in:
Michael Telatynski 2020-02-07 22:07:30 +00:00
parent 54f7347da5
commit 98773df76e
6 changed files with 77 additions and 12 deletions

View file

@ -7,7 +7,6 @@
"feature-detects": [ "feature-detects": [
"test/css/displaytable", "test/css/displaytable",
"test/css/flexbox", "test/css/flexbox",
"test/es5/specification",
"test/css/objectfit", "test/css/objectfit",
"test/storage/localstorage", "test/storage/localstorage",
"test/es6/array", "test/es6/array",
@ -18,6 +17,7 @@
"test/svg/filters", "test/svg/filters",
"test/css/animations", "test/css/animations",
"test/css/filters", "test/css/filters",
"test/network/fetch" "test/network/fetch",
"test/iframe/sandbox"
] ]
} }

View file

@ -57,11 +57,6 @@ For a good example, see https://riot.im/develop/config.json.
1. `update_base_url` (electron app only): HTTPS URL to a web server to download 1. `update_base_url` (electron app only): HTTPS URL to a web server to download
updates from. This should be the path to the directory containing `macos` updates from. This should be the path to the directory containing `macos`
and `win32` (for update packages, not installer packages). and `win32` (for update packages, not installer packages).
1. `cross_origin_renderer_url`: URL to a static HTML page hosting code to help display
encrypted file attachments. This MUST be hosted on a completely separate domain to
anything else since it is used to isolate the privileges of file attachments to this
domain. Default: `https://usercontent.riot.im/v1.html`. This needs to contain v1.html from
https://github.com/matrix-org/usercontent/blob/master/v1.html
1. `piwik`: Analytics can be disabled by setting `piwik: false` or by leaving the piwik config 1. `piwik`: Analytics can be disabled by setting `piwik: false` or by leaving the piwik config
option out of your config file. If you want to enable analytics, set `piwik` to be an object option out of your config file. If you want to enable analytics, set `piwik` to be an object
containing the following properties: containing the following properties:

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,12 @@
<html>
<head>
<!--
Hello! If you're reading this, perhaps you're wondering what this
file is doing and why your Riot is using it.
In short, this allows Riot to isolate potentially unsafe encrypted
attachments into their own origin, away from your Riot.
Stay curious!
-->
</head>
<body></body>
</html>

View file

@ -0,0 +1,48 @@
var params = window.location.search.substring(1).split('&');
var lockOrigin;
for (var i = 0; i < params.length; ++i) {
var parts = params[i].split('=');
if (parts[0] === 'origin') lockOrigin = decodeURIComponent(parts[1]);
}
function remoteRender(event) {
const data = event.data;
const img = document.createElement("img");
img.id = "img";
img.src = data.imgSrc;
const a = document.createElement("a");
a.id = "a";
a.rel = data.rel;
a.target = data.target;
a.download = data.download;
a.style = data.style;
a.style.fontFamily = "Arial, Helvetica, Sans-Serif";
a.href = window.URL.createObjectURL(data.blob);
a.appendChild(img);
a.appendChild(document.createTextNode(data.textContent));
const body = document.body;
// Don't display scrollbars if the link takes more than one line to display.
body.style = "margin: 0px; overflow: hidden";
body.appendChild(a);
}
function remoteSetTint(event) {
const data = event.data;
const img = document.getElementById("img");
img.src = data.imgSrc;
img.style = data.imgStyle;
const a = document.getElementById("a");
a.style = data.style;
}
window.onmessage = function(e) {
if (lockOrigin === undefined || e.origin === lockOrigin) {
if (e.data.blob) remoteRender(e);
else remoteSetTint(e);
}
};

View file

@ -18,7 +18,7 @@ module.exports = (env, argv) => {
if (argv.mode !== "production") { if (argv.mode !== "production") {
// This makes the sourcemaps human readable for developers. We use eval-source-map // This makes the sourcemaps human readable for developers. We use eval-source-map
// because the plain source-map devtool ruins the alignment. // because the plain source-map devtool ruins the alignment.
development['devtool'] = 'eval-source-map'; development['devtool'] = 'source-map';
} }
// Resolve the directories for the react-sdk and js-sdk for later use. We resolve these early so we // Resolve the directories for the react-sdk and js-sdk for later use. We resolve these early so we
@ -34,6 +34,7 @@ module.exports = (env, argv) => {
"bundle": "./src/vector/index.js", "bundle": "./src/vector/index.js",
"indexeddb-worker": "./src/vector/indexeddb-worker.js", "indexeddb-worker": "./src/vector/indexeddb-worker.js",
"mobileguide": "./src/vector/mobile_guide/index.js", "mobileguide": "./src/vector/mobile_guide/index.js",
"usercontent": "./src/vector/usercontent/index.js",
// CSS themes // CSS themes
"theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss", "theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss",
@ -302,7 +303,7 @@ module.exports = (env, argv) => {
// HtmlWebpackPlugin will screw up our formatting like the names // HtmlWebpackPlugin will screw up our formatting like the names
// of the themes and which chunks we actually care about. // of the themes and which chunks we actually care about.
inject: false, inject: false,
excludeChunks: ['mobileguide'], excludeChunks: ['mobileguide', 'usercontent'],
minify: argv.mode === 'production', minify: argv.mode === 'production',
vars: { vars: {
og_image_url: og_image_url, og_image_url: og_image_url,
@ -316,6 +317,14 @@ module.exports = (env, argv) => {
minify: argv.mode === 'production', minify: argv.mode === 'production',
chunks: ['mobileguide'], chunks: ['mobileguide'],
}), }),
// This is the usercontent sandbox's entry point (separate for iframing)
new HtmlWebpackPlugin({
template: './src/vector/usercontent/index.html',
filename: 'usercontent/index.html',
minify: argv.mode === 'production',
chunks: ['usercontent'],
}),
], ],
output: { output: {
@ -346,6 +355,7 @@ module.exports = (env, argv) => {
// tedious in Riot since that can take a while. // tedious in Riot since that can take a while.
hot: false, hot: false,
inline: false, inline: false,
disableHostCheck: true,
}, },
}; };
}; };