From 964a3bc35b4852e60de66feea09d1c62a60f1915 Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 25 Apr 2018 11:10:46 +0100 Subject: [PATCH] Add readme bit on cross-origin renderer --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 705f269ddc..9a030913b3 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,15 @@ We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/vector-im/riot-web/issues/1977 for more details. +The same applies for end-to-end encrypted content, but since this is decrypted +on the client, Riot needs a way to supply the decrypted content from a separate +origin to the one Riot is hosted on. This currently done with a 'cross origin +renderer' which is a small piece of javascript hosted on a different domain. +To avoid all Riot installs needing one of these to be set up, riot.im hosts +one on usercontent.riot.im which is used by default. See 'config.json' if you'd +like to host your own. https://github.com/vector-im/riot-web/issues/6173 tracks +progress on replacing this with something better. + Building From Source ====================