search

element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
Apache License 2.0
10.69k stars 1.88k forks source link

Element Web makes request to `/_matrix/client/unstable/org.matrix.msc3575/sync` on startup, causing lost to-device-messages #27426

Closed richvdh closed 2 weeks ago

richvdh commented 2 weeks ago

Introduced by https://github.com/matrix-org/matrix-react-sdk/pull/12307.

Calling /_matrix/client/unstable/org.matrix.msc3575/sync causes the SS proxy to start polling synapse with our access token, which means that it will receive (some of) our to-device messages instead of us, which means we will get decryption errors.

t3chguy commented 2 weeks ago

Calling /_matrix/client/unstable/org.matrix.msc3575/sync causes the SS proxy to start polling synapse with our access token, which means that it will receive (some of) our to-device messages instead of us

This sounds like a deployment issue. Nothing in MSC3575 or MSC3885 says /_matrix/client/unstable/org.matrix.msc3575/sync will prevent to_device message delivery via normal sync so using the proxy in place of the native endpoint causes this mishap.

turt2live commented 2 weeks ago

Calling /_matrix/client/unstable/org.matrix.msc3575/sync causes the SS proxy to start polling synapse with our access token, which means that it will receive (some of) our to-device messages instead of us

This sounds like a deployment issue. Nothing in MSC3575 or MSC3885 says /_matrix/client/unstable/org.matrix.msc3575/sync will prevent to_device message delivery via normal sync so using the proxy in place of the native endpoint causes this mishap.

Using POST can also have unintended consequences generally, like high resource utilization while the server calculates an initial response (in this case). If we don't expect things to happen, we shouldn't be using verbs which make things happen.

It just happens that a byproduct of the proxy is that it starts syncing for you, which was requested by the caller using an action-capable verb.