We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"user@converse.js" is logged in on Converse as well as another client, and receives a message from "user@external.xmpp".
<body xmlns="http://jabber.org/protocol/httpbind"> <message to="user@converse.js/converse.js-110793621" from="user@converse.js" type="chat" xmlns="jabber:client"> <received xmlns="urn:xmpp:carbons:2"> <forwarded xmlns="urn:xmpp:forward:0"> <message xml:lang="en" to="user@converse.js/gajim.JWFYXLW2" from="user@external.xmpp/gajim.O90OPUN4" type="chat" id="135b54c3-7d95-4260-bbcd-62e22069a8a5" xmlns="jabber:client"> <bla>...</bla> </message> </forwarded> </received> </message> </body>
This carbon is incorrectly blocked by the following code: https://github.com/conversejs/converse.js/blob/master/src/headless/converse-chatboxes.js#L946 since "user@converse.js" !== "user@external.xmpp".
Looking at https://xmpp.org/extensions/xep-0280.html#security, I presume they mean that the outer message's from should be equal to the logged-in account's jid.
from
Apart from fixing the check, I propose logging a warning message when the condition is triggered.
The text was updated successfully, but these errors were encountered:
Remove invalid carbon forging protection (conversejs#1550)
77a1f76
52ea8d5
No branches or pull requests
"user@converse.js" is logged in on Converse as well as another client, and receives a message from "user@external.xmpp".
This carbon is incorrectly blocked by the following code: https://github.com/conversejs/converse.js/blob/master/src/headless/converse-chatboxes.js#L946 since "user@converse.js" !== "user@external.xmpp".
Looking at https://xmpp.org/extensions/xep-0280.html#security, I presume they mean that the outer message's
from
should be equal to the logged-in account's jid.Apart from fixing the check, I propose logging a warning message when the condition is triggered.
The text was updated successfully, but these errors were encountered: