Right now, if Sydent is contacted by a homeserver as sydent.xyz.xyz but Sydent is configured as xyz.xyz, the request will fail by complaining about a corrupt or forged signature (SignatureVerifyException). It's fairly obscure.
This could be a lot better reported by making use of the HTTP Host header and detecting when that doesn't match what we expect.
Would have spotted #512 much more easily.
Potential problem: reverse proxies may not set the Host header by default. We could ameliorate this by providing example Nginx/... config that sets it, or warning if it's not present.
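The check proposed above, sketched as an added example; it is not Sydent's code, and the names `normalise_host` and `check_host` are hypothetical. It assumes the configured server name and the raw `Host` header value are both available as strings when a request arrives, and uses constructed sample values.

```python
from typing import Optional, Tuple


def normalise_host(value: str) -> str:
    """Lower-case a host value and drop any port and trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):
        # IPv6 literal such as [::1]:8090: keep only the bracketed part.
        if "]" in host:
            host = host[: host.find("]") + 1]
    elif ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def check_host(host_header: Optional[str], configured_name: str) -> Tuple[str, str]:
    """Return (status, message); status is 'ok', 'missing' or 'mismatch'."""
    if not host_header or not host_header.strip():
        # The reverse-proxy case from the issue: nothing to compare against.
        return ("missing",
                "Request has no Host header; if a reverse proxy is in front, "
                "configure it to pass the original Host through.")
    seen = normalise_host(host_header)
    expected = normalise_host(configured_name)
    if seen != expected:
        # Report the mismatch directly rather than leaving the operator
        # with only a signature verification failure to interpret.
        return ("mismatch",
                f"Contacted as {seen!r} but configured as {expected!r}; "
                "signature checks on this request are likely to fail.")
    return ("ok", "")


if __name__ == "__main__":
    # Constructed sample Host values, checked against the name from the issue.
    for header in ("sydent.xyz.xyz", "XYZ.xyz:8090", None):
        status, message = check_host(header, "xyz.xyz")
        print(f"{header!r}: {status} {message}")
```

Logging the `missing` and `mismatch` messages as warnings, rather than rejecting the request, keeps deployments working where the proxy does not pass `Host` through.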