Is installing riot in subdomain of the domain used by synapse a problem? #10799
Comments
|
This is more a support question for #riot:matrix.org which is why it never got attention on an already closed issue. |
|
I could ask it on #riot:matrix.org yep. I asked here because seeing the reactions on my previous comment, it seemed that other people were interested as well. |
|
Subdomains are different domains as far as CORS is concerned, however do be cautious about running your homeserver on example.org and riot on riot.example.org |
|
Thank you for the precision @turt2live. |
|
You theoretically can open yourself up to XSS and similar attacks if using the same domain. It's generally considered a very bad practice. |
|
Hello, And how about this follow configurations:
|
|
@Josue-T this is not the place to verify your configuration. Please visit #riot-web:matrix.org or #synapse:matrix.org instead. |
|
I find @Josue-T's question useful and still feel not so clear about this issue. |
|
I don't understand the insistence on keeping an issue extant on the repo just says "hey ask here on this other place that isn't going to be indexed by google" |
In this issue it's explained that you shouldn't run riot with the same domain where synapse is running. I posted this question to get details about it but never got any comment on that, so I thought maybe I can create a proper issue for this question.
The thread mentions (from what I understand) that having Riot and Synapse served in
matrix.domain.tldandriot.domain.tlddoesn't bring security issues.I was wondering if the same apply to Synapse serving in
domain.tldand riot inriot.domain.tld, since Synapse is then in a parent domain.Also, it's mentioned that it's better to run Synapse and Riot in different machines (whether physical or virtual).
What are the security implications of running Synapse and Riot on the same machine?
Thanks a lot for the attention :)
The text was updated successfully, but these errors were encountered: