-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
comment out code that removes trailing slash as per 5823. #11224
comment out code that removes trailing slash as per 5823. #11224
Conversation
Signed-off-by: Jordan Hewitt <633901+src-r-r@users.noreply.github.com>
We actually title newsfragments after the PR, not the issue the fix, so a |
Great, thank you! |
I am not sure if modify the configuration is the right direction. synapse/synapse/rest/well_known.py Lines 31 to 47 in e320f5d
|
Gotcha. I'll modify it then. I'm not doubting you; I'm just curious--what's the reasoning? |
The reason is that |
related to #5823 |
I'm not necessarily sure I agree with this: it seems a bit silly to explicitly add a trailing slash in But for sure, if we change |
…WW43_5823_well-known-path-has-errant-trailing-slash
…g-slash-2' into jordan_2021WW43_5823_well-known-path-has-errant-trailing-slash
…WW43_5823_well-known-path-has-errant-trailing-slash
I think the commit history of this PR is a bit borked, i'd recommend looking at how to rebase your commits until the current main branch. |
I did do a rebase with develop. Should I do a rebase with main? |
No, hold on, something else weird is happening here then |
This passed most checks, but the sytest integration tests aren't happy. The failures aren't particularly clear, regrettably From a quick look, I don't think the I can't see what the failure is though. Maybe we need more |
After some more staring I saw this in the results.tap summary:
which comes from here: Sytest is expecting that Synapse makes a request whose It sounds like we want to change either Unfortunately this is all in sytest which is a separate repo. There is some configuration in CI to ensure we test synapse and sydent PRs against branches with the same name, if they exist. But I'm not sure if this is set up to work properly against forks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for bearing with us on this one.
There's quite a few things in these changes that I don't follow, and in particular some config handling code that seems to have been deleted. There might be some confusion between the server and client well-known endpoints too?
Additionally, I think it might be clearer in places to use str.rstrip
to remove trailing slashes, rather than . (I sympathise with your comment on #5823 about urljoin --- I'd be fine with that too, but painful to implement it across the whole source tree.)
Taking a step back, the plan as I as I understand it is:
- when ingesting config, remove any trailing slashes from the end of the URL.
- keep the trimmed publicbase_url around in memory
- when serving the .well-known/matrix/server file, use the trimmed version
- fix up any remaining places which implicitly were expecting the baseurl config to end in a forward slash
- by adding an explicit '/' to the path we build
@@ -0,0 +1 @@ | |||
Remove trialing slashes form homeserver url so other services don't take it literally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few typos here: trialing
-> trailing
, form
-> from
, and I think url
-> URL
since the latter is an abbreviation.
I also think we can better explain the change from the user's perspective.
Remove trialing slashes form homeserver url so other services don't take it literally. | |
Ensure the URL served at `/.well-known/matrix/server/` does not end with a trailing slash, to workaround clients which expect this. |
# Uncomment the following to tell other servers to send federation traffic on | ||
# port 443. | ||
# | ||
# By default, other servers will try to reach our server on port 8448, which can | ||
# be inconvenient in some environments. | ||
# | ||
# Provided 'https://<server_name>/' on port 443 is routed to Synapse, this | ||
# option configures Synapse to serve a file at | ||
# 'https://<server_name>/.well-known/matrix/server'. This will tell other | ||
# servers to send traffic to port 443 instead. | ||
# | ||
# See https://matrix-org.github.io/synapse/latest/delegate.html for more | ||
# information. | ||
# | ||
# Defaults to 'false'. | ||
# | ||
#serve_server_wellknown: true | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this removed? We are trying to tweak the behaviour when serve_server_wellknown
is true.
# Defaults to 'https://<server_name>/'. | ||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this removed? At the very least, we should still describe the behaviour that happens if this config option is omitted (or else note and enforce that it is mandatory)
# Whether we should serve a "client well-known": | ||
# (a) at .well-known/matrix/client on our client HTTP listener | ||
# (b) in the response to /login | ||
# | ||
# ... which together help ensure that clients use our public_baseurl instead of | ||
# whatever they were told by the user. | ||
# | ||
# For the sake of backwards compatibility with existing installations, this is | ||
# True if public_baseurl is specified explicitly, and otherwise False. (The | ||
# reasoning here is that we have no way of knowing that the default | ||
# public_baseurl is actually correct for existing installations - many things | ||
# will not work correctly, but that's (probably?) better than sending clients | ||
# to a completely broken URL. | ||
self.serve_client_wellknown = False |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this removed? This removes functionality that we're not adjusting here (serving a json document at /.well-known/matrix/client
)
} | ||
) | ||
def test_client_well_known(self): | ||
channel = self.make_request( | ||
"GET", "/.well-known/matrix/client", shorthand=False | ||
) | ||
|
||
# import ipdb; ipdb.set_trace() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs removing.
_b_url = self.root.server.public_baseurl or "/" | ||
# if _b_url.endswith("/"): | ||
# _b_url = _b_url[:-1] | ||
login_fallback_url = _b_url + "_matrix/static/client/login" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's going on here? self.root.server.public_baseurl
doesn't end in /
, so why are we falling back to "/"
?
I would have expected to see _matrix
replaced with /_matrix
here --- it seems that the previous code assumped this ended with a slash.
@@ -204,6 +204,8 @@ def _default_saml_config_dict( | |||
optional_attributes -= required_attributes | |||
|
|||
public_baseurl = self.root.server.public_baseurl | |||
if not public_baseurl.endswith("/"): | |||
public_baseurl = public_baseurl + "/" | |||
metadata_url = public_baseurl + "_synapse/client/saml2/metadata.xml" | |||
response_url = public_baseurl + "_synapse/client/saml2/authn_response" | |||
return { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd be clearer if things called public_baseurl consistently did not end in a slash, and we changed path building to explicitly add in the slash. After all, the slash is part of a URL's path.
Also, I think the if
is redundant because the public_baseurl
is never going to end in a /
with the proposed changes?
public_baseurl = self.root.server.public_baseurl | ||
if not public_baseurl.endswith("/"): | ||
public_baseurl = public_baseurl + "/" | ||
self.oidc_callback_url = public_baseurl + "_synapse/client/oidc/callback" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as in saml2 applies
public_baseurl = self.root.server.public_baseurl | ||
if not public_baseurl.endswith("/"): | ||
public_baseurl = public_baseurl + "/" | ||
self.cas_service_url = public_baseurl + "_matrix/client/r0/login/cas/ticket" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as on saml2.py
# Defaults to 'https://<server_name>/'. | ||
# | ||
#public_baseurl: https://example.com/ | ||
|
||
# Uncomment the following to tell other servers to send federation traffic on | ||
# port 443. | ||
# | ||
# By default, other servers will try to reach our server on port 8448, which can | ||
# be inconvenient in some environments. | ||
# | ||
# Provided 'https://<server_name>/' on port 443 is routed to Synapse, this | ||
# option configures Synapse to serve a file at | ||
# 'https://<server_name>/.well-known/matrix/server'. This will tell other | ||
# servers to send traffic to port 443 instead. | ||
# | ||
# See https://matrix-org.github.io/synapse/latest/delegate.html for more | ||
# information. | ||
# | ||
# Defaults to 'false'. | ||
# | ||
#serve_server_wellknown: true | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've commented below where this is generated, but I don't think it's correct to remove this. Don't forget to re-run the script that generates this config once you've made changes.
I think we're going around in circles a bit because #5823 superficially appeared simple, but in actually attempting to resolve it, @src-r-r has unearthed a bunch of conflicting / contradictory / undefined behavior. I suspect it would be a worthwhile effort for someone on the Synapse team to write a new issue to replace #5823, which more completely enumerates the problem, solution, and consequences thereof. Regardless, it seems clear to me that clients should (must?) be robust against base_url's both with and without trailing slashes, doubly so since matrix.org is inconsistent with Synapse's default behavior. |
Yes, @callahad , thank you! 😆 |
@DMRobertson, what's your take on this issue? |
@src-r-r Per discussion on the Matrix Spec matrix-org/matrix-spec-proposals#3465 (comment) we've ultimately decided that mandating either that trailing slashes are stripped or that they're added is fraught with peril, and that the only practically viable path forward is to explicitly instruct clients to handle both cases. This has now become part of the Matrix spec, rendering this pull request moot. I'm terribly sorry that the outcome of your hard work is not ✅ Merged!, but in many ways this is a much more valuable result: your wrangling with this issue catalyzed improvements to the Matrix Spec in a way that will make the ecosystem itself much more robust. We wouldn't have gotten there without your involvement in this pull request. Thank you. |
Thank you @callahad . |
Signed-off-by: Jordan Hewitt 633901+src-r-r@users.noreply.github.com
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.