element-web/src
Travis Ralston d851f2e45f Fix OpenID requests from widgets
Fixes https://github.com/vector-im/riot-web/issues/13131

Widgets can request an OpenID token to authenticate the user when the widget is missing authentication information. A common case for this is the Dimension sticker picker: sometimes the Riot it is running in doesn't have the configuration to match the Dimension instance, so Riot rightly refuses to send an auth token to the widget. When this happens, it requests a token through postMessage().

There's a toggle on the permission dialog to remember the setting, which is the widget's security key. As an added measure, the security key generation ensures the widget URL matches, as the 'remember this choice' toggle will silently work in the background, and it could be dangerous if the widget's URL changed and Riot secretly allows the widget to identify the user. This check was failing because the WidgetMessaging class was being set up with the rendered URL, which will not match the widget's URL at all. To fix this, we simply use the widget's URL to set up the messaging, which by proxy uses the right URL in calculating the security key.
2020-04-22 00:27:20 -06:00
..
@types Convert submit-rageshake to typescript 2020-04-19 12:06:56 +01:00
accessibility Document Composer:Escape to cancel a reply 2020-03-29 20:35:35 +01:00
actions Ensure DMs tagged outside of account data work in the invite dialog 2020-02-24 19:43:49 -07:00
async-components/views/dialogs Handle load error in create secret storage dialog 2020-04-20 18:10:23 +01:00
autocomplete make code more readable as per pr suggestion 2020-04-14 13:07:44 +01:00
components Fix OpenID requests from widgets 2020-04-22 00:27:20 -06:00
contexts
editor match all, not just first instance of tokens to escape 2020-04-15 02:31:30 +01:00
emojipicker Resolve default export warnings from Webpack 2020-01-24 22:26:34 +00:00
hooks Check for cross-signing homeserver support 2020-02-24 15:04:34 +00:00
i18n/strings Merge remote-tracking branch 'origin/develop' into dbkr/create_secret_storage_handle_load_error 2020-04-21 09:40:44 +01:00
indexing EventIndex: Add a missing semicolon. 2020-04-20 10:10:16 +02:00
integrations Fix various leaks due to method re-binding 2020-02-20 02:35:30 +00:00
mjolnir Make Mjolnir stop more robust 2020-03-09 15:24:56 +00:00
notifications
rageshake Convert submit-rageshake to typescript 2020-04-19 12:06:56 +01:00
resizer
settings Merge branches 'develop' and 't3chguy/user_online_dot' of github.com:matrix-org/matrix-react-sdk into t3chguy/user_online_dot 2020-04-17 12:58:54 +01:00
stores Merge branch 'develop' into travis/moar-jitsi 2020-04-20 09:21:48 -06:00
usercontent only automatically download in usercontent if user requested it 2020-03-03 13:23:33 +00:00
utils Merge branch 'develop' into travis/moar-jitsi 2020-04-20 09:21:48 -06:00
widgets Allow iframes and Jitsi URLs in /addwidget 2020-04-09 16:03:40 -06:00
ActiveRoomObserver.js
AddThreepid.js Appease the linter 2020-03-30 20:24:53 -06:00
Analytics.js Analytics.js gets executed during times where localStorage is not ensured to exist 2020-04-08 21:42:58 +01:00
AsyncWrapper.js Use componentDidMount in place of componentWillMount where possible 2020-03-31 14:14:17 -06:00
Avatar.js Apply null-guard to room pills for when we can't fetch the room 2020-02-21 14:14:24 +00:00
BasePlatform.js Add riot-desktop shortcuts for forward/back matching browsers&slack 2020-04-11 18:57:59 +01:00
boundThreepids.js
CallHandler.js Support m.jitsi-typed widgets as Jitsi widgets 2020-04-09 15:11:57 -06:00
CallMediaHandler.js
ContentMessages.js
createRoom.js Convert cross-signing feature flag to setting 2020-04-15 13:18:42 -06:00
CrossSigningManager.js Copy tweaks with Nad 2020-04-16 12:52:35 +01:00
cryptodevices.js
DateUtils.js
DecryptionFailureTracker.js
DeviceListener.js Don't recheck DeviceListener until after initial sync is finished 2020-04-20 14:36:15 +01:00
dispatcher.js
email.js
emoji.js fix compound emoji 2020-01-26 22:17:31 +00:00
extend.js
FromWidgetPostMessageApi.js Silence another console.warn that should have been a log 2020-04-01 14:40:51 -06:00
GroupAddressPicker.js
groups.js
HtmlUtils.js Ensure linkified topics in the room directory also work 2020-03-04 14:14:03 -07:00
IdentityAuthClient.js Remove v1 identity server fallbacks 2020-03-09 17:05:13 -06:00
ImageUtils.js
index.js
Keyboard.ts Add riot-desktop shortcuts for forward/back matching browsers&slack 2020-04-11 18:57:59 +01:00
KeyRequestHandler.js Convert cross-signing feature flag to setting 2020-04-15 13:18:42 -06:00
languageHandler.js Notify electron of language changes 2020-02-24 17:11:08 +00:00
Lifecycle.js Merge pull request #4348 from matrix-org/travis/jitsi/wellknown 2020-04-07 10:03:05 -06:00
linkify-matrix.js Fix soft-crash on bad permalinks 2020-03-26 10:45:26 +00:00
Login.js riot-desktop open SSO in browser so user doesn't have to auth twice 2020-03-02 14:59:54 +00:00
Markdown.js Use noreferrer in addition to noopener for edge case browsers 2020-02-23 22:14:29 +00:00
MatrixClientPeg.js Add a flag to control whether cross-signing signatures are trusted 2020-03-25 18:38:12 +00:00
Modal.js fix lint, add jsdoc 2020-02-06 15:29:35 +01:00
Notifier.js Special-case certain msgtypes for notifications 2020-04-06 16:26:04 +01:00
ObjectUtils.js
PageTypes.js
PasswordReset.js
PhasedRollOut.js
phonenumber.js
PlatformPeg.js
Presence.js
ratelimitedfunc.js
Registration.js Apply suggestions from code review 2020-02-28 10:47:23 +00:00
Resend.js
Roles.js
RoomAliasCache.js
RoomInvite.js
RoomListSorter.js
RoomNotifs.js
Rooms.js use alt_aliases rather than aliases for the display alias 2020-02-21 13:02:35 +01:00
ScalarAuthClient.js
ScalarMessaging.js Merge branch 'develop' into travis/moar-jitsi 2020-04-14 12:57:28 -06:00
SdkConfig.ts Remove get-config API 2020-04-01 10:40:03 +01:00
Searching.js Searching: Return an empty result if the search term is an empty string. 2020-03-20 11:38:43 +01:00
SendHistoryManager.js
shouldHideEvent.js
Skinner.js Appease the linter 2020-01-28 12:53:37 +00:00
SlashCommands.tsx Name Jitsi correctly in args 2020-04-20 09:35:35 -06:00
Terms.js
TextForEvent.js Add comments to highlight where we'll need m.widget support 2020-04-09 15:14:07 -06:00
theme.js Fix theme being overridden to light even after login is completed 2020-02-21 14:40:42 +00:00
Tinter.js
ToWidgetPostMessageApi.js
Unread.js
UserActivity.js
UserAddress.js
VectorConferenceHandler.js
Velociraptor.js
VelocityBounce.js
verification.js Convert cross-signing feature flag to setting 2020-04-15 13:18:42 -06:00
WhoIsTyping.js
WidgetMessaging.js Use console.log in place of console.warn for less warnings 2020-04-01 13:59:48 -06:00
WidgetMessagingEndpoint.js