Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use OPTIONS for sliding sync detection poke #12492

Merged
merged 4 commits into from
May 3, 2024
Merged

Use OPTIONS for sliding sync detection poke #12492

merged 4 commits into from
May 3, 2024

Conversation

turt2live
Copy link
Member

This avoids unintended consequences, including high resource usage, which would accompany a "full" sync request. Instead, we just grab headers and enough information for CORS to pass, revealing likely support.

Fixes element-hq/element-web#27426

Requires matrix-org/matrix-js-sdk#4188

Checklist

  • Tests written for new code (and old code if feasible).
  • New or updated public/exported symbols have accurate TSDoc documentation.
  • Linter and other CI checks pass.
  • Sign-off given on the changes (see CONTRIBUTING.md).

turt2live and others added 2 commits May 2, 2024 17:07
@turt2live
Use OPTIONS for sliding sync detection poke
805165f 
This avoids unintended consequences, including high resource usage, which would accompany a "full" sync request. Instead, we just grab headers and enough information for CORS to pass, revealing likely support.

Fixes element-hq/element-web#27426
@turt2live
Merge branch 'develop' into travis/sliding-sync-safety
2cb52bc
@turt2live turt2live added the T-Defect Bugs, crashes, hangs, vulnerabilities, or other reported problems label May 2, 2024
@turt2live
Copy link
Member Author

for the record, I tested this against my own sliding sync proxy and it returned 200 OK to options without stealing the token, as expected. I don't believe we've got a test harness for the proxy set up, but ideally that would be proven with tests.

@turt2live turt2live marked this pull request as ready for review May 2, 2024 23:11
@turt2live turt2live requested a review from a team as a code owner May 2, 2024 23:11
@turt2live turt2live mentioned this pull request May 2, 2024
Closed
@turt2live
Copy link
Member Author 

Failed to collect coverage from /home/runner/work/matrix-react-sdk/matrix-react-sdk/src/workers/blurhashWorkerFactory.ts
ERROR: unknown: import.meta may appear only with 'sourceType: "module"' (92:94)
[trimmed: lots of scary errors]

I don't know what I did to deserve this failure mode - if folks have ideas, please let me know.

@turt2live turt2live enabled auto-merge May 3, 2024 06:11
@turt2live turt2live added this pull request to the merge queue May 3, 2024
Merged via the queue into develop with commit 3059b5b May 3, 2024
30 checks passed
@turt2live turt2live deleted the travis/sliding-sync-safety branch May 3, 2024 06:53
@turt2live turt2live mentioned this pull request May 3, 2024
Open
turt2live added a commit that referenced this pull request May 3, 2024
@turt2live
Check native sliding sync support against an unstable feature flag
7470ed7 
The `OPTIONS` approach from #12492 doesn't work because Synapse *always* responds with 204 (success) to `OPTIONS` requests, as described here: element-hq/synapse#17153

We further can't use `HEAD` because it's not part of the allowed CORS methods, meaning the browser will mask the exact status code and error message from us, and the proxy hangs on the request anyways: matrix-org/sliding-sync#429

To avoid these problems, we instead search for an unstable feature flag to be exposed by the server. Presence of this flag denotes native support. See https://github.com/matrix-org/matrix-spec-proposals/pull/3575/files#r1588877046 for details.

Implementations which support sliding sync natively will need to update to support this new unstable feature flag usage.
@turt2live turt2live mentioned this pull request May 3, 2024
Merged
4 tasks
@turt2live
Copy link
Member Author

The OPTIONS approach is faulty for the reasons described in this PR which fixes it: #12498

github-merge-queue bot pushed a commit that referenced this pull request May 3, 2024
@turt2live
Check native sliding sync support against an unstable feature flag (#…
f29823c 
…12498)

* Check native sliding sync support against an unstable feature flag

The `OPTIONS` approach from #12492 doesn't work because Synapse *always* responds with 204 (success) to `OPTIONS` requests, as described here: element-hq/synapse#17153

We further can't use `HEAD` because it's not part of the allowed CORS methods, meaning the browser will mask the exact status code and error message from us, and the proxy hangs on the request anyways: matrix-org/sliding-sync#429

To avoid these problems, we instead search for an unstable feature flag to be exposed by the server. Presence of this flag denotes native support. See https://github.com/matrix-org/matrix-spec-proposals/pull/3575/files#r1588877046 for details.

Implementations which support sliding sync natively will need to update to support this new unstable feature flag usage.

* Appease the linter

* Appease the tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh approved these changes

@t3chguy t3chguy Awaiting requested review from t3chguy t3chguy is a code owner automatically assigned from matrix-org/element-web-reviewers

@MidhunSureshR MidhunSureshR Awaiting requested review from MidhunSureshR MidhunSureshR is a code owner automatically assigned from matrix-org/element-web-reviewers

Assignees
No one assigned
Labels
T-Defect Bugs, crashes, hangs, vulnerabilities, or other reported problems
Projects
None yet
Milestone
No milestone
2 participants
@turt2live @richvdh