mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-12 08:43:55 +02:00
9dad4c7c2d
This is provoked by Github issue #46. No client had made use of the well-known mechanism so far, so the set up performed by this playbook was not tested and turned out to be a little deficient. Even though /.well-known/matrix/client is usually requested with a simple request (no preflight), it's still considered cross-origin and [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) applies. Thus, the file always needs to be served with the appropriate `Access-Control-Allow-Origin` header. Github issue #46 attempts to fix it at the "reverse-proxying" layer, which may work, but would need to be done for every server. It's better if it's done "upstream", so that all reverse-proxy configurations can benefit.
56 lines
2.8 KiB
YAML
56 lines
2.8 KiB
YAML
---
|
|
|
|
- set_fact:
|
|
well_known_url_matrix: "https://{{ hostname_matrix }}/.well-known/matrix/client"
|
|
well_known_url_identity: "https://{{ hostname_identity }}/.well-known/matrix/client"
|
|
|
|
|
|
- name: Check .well-known on the matrix hostname
|
|
uri:
|
|
url: "{{ well_known_url_matrix }}"
|
|
follow_redirects: false
|
|
register: result_well_known_matrix
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the matrix hostname
|
|
fail:
|
|
msg: "Failed checking well-known is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
|
when: "result_well_known_matrix.failed or 'json' not in result_well_known_matrix"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
|
fail:
|
|
msg: "Well-known serving for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
|
when: "'access_control_allow_origin' not in result_well_known_matrix"
|
|
|
|
- name: Report working .well-known on the matrix hostname
|
|
debug:
|
|
msg: "well-known is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
|
|
|
|
|
- name: Check .well-known on the identity hostname
|
|
uri:
|
|
url: "{{ well_known_url_identity }}"
|
|
follow_redirects: false
|
|
register: result_well_known_identity
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the identity hostname
|
|
fail:
|
|
msg: "Failed checking well-known is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
|
when: "result_well_known_identity.failed or 'json' not in result_well_known_identity"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the identity hostname
|
|
fail:
|
|
msg: "Well-known serving for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
|
when: "'access_control_allow_origin' not in result_well_known_identity"
|
|
|
|
# For people who manually copy the well-known file, try to detect if it's outdated
|
|
- name: Fail if well-known is different on matrix hostname and identity hostname
|
|
fail:
|
|
msg: "The well-known files at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file manually before and now it's outdated?"
|
|
when: "result_well_known_matrix.json|to_json != result_well_known_identity.json|to_json"
|
|
|
|
- name: Report working .well-known on the identity hostname
|
|
debug:
|
|
msg: "well-known is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|