search

ma1uta / ma1sd

Federated Matrix Identity Server (formerly fork of kamax/mxisd)
GNU Affero General Public License v3.0
167 stars 55 forks source link

When api v1 is diabled, CORS Headers are missing. #94

Open 4censord opened 3 years ago

4censord commented 3 years ago

When api v1 is disabled, ma1sd responds with HTTP/2 405 to any request to v1 endpoints.

Config snippet ```yaml matrix: v1: false v2: true ```

api/v1

$ curl -i ma1sd.tld/_matrix/identity/v1
HTTP/2 405 
content-length: 0
date: Fri, 21 May 2021 11:14:17 GMT
strict-transport-security: max-age=16000000;

with api/v2

$ curl -i ma1sd.tld/_matrix/identity/v2
HTTP/2 200 
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-type: application/json
content-length: 2
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
date: Fri, 21 May 2021 11:14:15 GMT
strict-transport-security: max-age=16000000;

{}

Due to the missing CORS Header Element web shows an error: image

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ma1sd.tld/_matrix/identity/api/v1. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Im not sure if element web should be trying to reach api v1, but its failing nontheless.

4censord commented 5 months ago

Just ran into this again with a new deployment