Merge pull request #12292 from vector-im/t3chguy/usercontent

Get rid of dependence on usercontent.riot.im
pull/12425/head
Michael Telatynski 2020-02-19 13:00:02 +00:00 committed by GitHub
commit 2c572bbe1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 19 deletions

View File

@ -18,6 +18,7 @@
"test/svg/filters",
"test/css/animations",
"test/css/filters",
"test/network/fetch"
"test/network/fetch",
"test/iframe/sandbox"
]
}

View File

@ -69,15 +69,6 @@ We have put some coarse mitigations into place to try to protect against this
situation, but it's still not good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details.
The same applies for end-to-end encrypted content, but since this is decrypted
on the client, Riot needs a way to supply the decrypted content from a separate
origin to the one Riot is hosted on. This currently done with a 'cross origin
renderer' which is a small piece of javascript hosted on a different domain.
To avoid all Riot installs needing one of these to be set up, riot.im hosts
one on usercontent.riot.im which is used by default.
https://github.com/vector-im/riot-web/issues/6173 tracks progress on replacing
this with something better.
Building From Source
====================

View File

@ -57,11 +57,6 @@ For a good example, see https://riot.im/develop/config.json.
1. `update_base_url` (electron app only): HTTPS URL to a web server to download
updates from. This should be the path to the directory containing `macos`
and `win32` (for update packages, not installer packages).
1. `cross_origin_renderer_url`: URL to a static HTML page hosting code to help display
encrypted file attachments. This MUST be hosted on a completely separate domain to
anything else since it is used to isolate the privileges of file attachments to this
domain. Default: `https://usercontent.riot.im/v1.html`. This needs to contain v1.html from
https://github.com/matrix-org/usercontent/blob/master/v1.html
1. `piwik`: Analytics can be disabled by setting `piwik: false` or by leaving the piwik config
option out of your config file. If you want to enable analytics, set `piwik` to be an object
containing the following properties:
@ -87,7 +82,7 @@ For a good example, see https://riot.im/develop/config.json.
default homeserver when signing up or logging in.
1. `permalinkPrefix`: Used to change the URL that Riot generates permalinks with.
By default, this is "https://matrix.to" to generate matrix.to (spec) permalinks.
Set this to your Riot instance URL if you run an unfederated server (eg:
Set this to your Riot instance URL if you run an unfederated server (eg:
"https://riot.example.org").
Note that `index.html` also has an og:image meta tag that is set to an image

File diff suppressed because one or more lines are too long

View File

@ -34,6 +34,7 @@ module.exports = (env, argv) => {
"bundle": "./src/vector/index.js",
"indexeddb-worker": "./src/vector/indexeddb-worker.js",
"mobileguide": "./src/vector/mobile_guide/index.js",
"usercontent": "./node_modules/matrix-react-sdk/src/usercontent/index.js",
// CSS themes
"theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss",
@ -302,7 +303,7 @@ module.exports = (env, argv) => {
// HtmlWebpackPlugin will screw up our formatting like the names
// of the themes and which chunks we actually care about.
inject: false,
excludeChunks: ['mobileguide'],
excludeChunks: ['mobileguide', 'usercontent'],
minify: argv.mode === 'production',
vars: {
og_image_url: og_image_url,
@ -316,6 +317,14 @@ module.exports = (env, argv) => {
minify: argv.mode === 'production',
chunks: ['mobileguide'],
}),
// This is the usercontent sandbox's entry point (separate for iframing)
new HtmlWebpackPlugin({
template: './node_modules/matrix-react-sdk/src/usercontent/index.html',
filename: 'usercontent/index.html',
minify: argv.mode === 'production',
chunks: ['usercontent'],
}),
],
output: {