You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, if Sydent is contacted by a homeserver as sydent.xyz.xyz but Sydent is configured as xyz.xyz, the request will fail by complaining about a corrupt or forged signature (SignatureVerifyException). It's fairly obscure.
This could be a lot better reported by making use of the HTTP Host header and detecting when that doesn't match what we expect.
Potential problem: reverse proxies may not set the Host header by default. We could ameliorate this by providing example Nginx/... config that sets it, or warning if it's not present.
The text was updated successfully, but these errors were encountered:
Right now, if Sydent is contacted by a homeserver as
sydent.xyz.xyz
but Sydent is configured asxyz.xyz
, the request will fail by complaining about a corrupt or forged signature (SignatureVerifyException
). It's fairly obscure.This could be a lot better reported by making use of the HTTP
Host
header and detecting when that doesn't match what we expect.Would have spotted #512 much more easily.
Potential problem: reverse proxies may not set the
Host
header by default. We could ameliorate this by providing example Nginx/... config that sets it, or warning if it's not present.The text was updated successfully, but these errors were encountered: