sydent icon indicating copy to clipboard operation
sydent copied to clipboard
verified publisher icon matrix-org

Sydent could give more helpful warnings if the `Host` header doesn't match the configured value

Open reivilibre opened this issue 3 years ago • 1 comments

Right now, if Sydent is contacted by a homeserver as sydent.xyz.xyz but Sydent is configured as xyz.xyz, the request will fail by complaining about a corrupt or forged signature (SignatureVerifyException). It's fairly obscure. This could be a lot better reported by making use of the HTTP Host header and detecting when that doesn't match what we expect.

Would have spotted #512 much more easily.

Potential problem: reverse proxies may not set the Host header by default. We could ameliorate this by providing example Nginx/... config that sets it, or warning if it's not present.

reivilibre avatar Mar 22 '22 13:03 reivilibre

For your information, this issue has been copied over to the Element fork of sydent: https://github.com/element-hq/sydent/issues/513

matrixbot avatar Jul 18 '25 14:07 matrixbot