Filename included in media upload url doesn't work #218
Labels
No labels
Android
CS::needs customer feedback
CS::needs follow up
CS::needs on prem installation
CS::waiting
Chrome
Design:: Ready
Design:: in progress
Design::UX
E2EE
Edge
Firefox
GDPR
Iteration 13 IM
Linux
MacOS
Need::Discussion
Need::Steps to reproduce
Need::Upstream fix
Needs:: Planning
Needs::Dev-Team
Needs::More information
Needs::Priority
Needs::Product
Needs::Refinement
Needs::Severity
Priority::1-Critical
Priority::2-Max
Priority::3-Impending
Priority::4-High
Priority::5-Medium
Priority::6-Low
Priority::7-None
Progress::Backlog
Progress::Review
Progress::Started
Progress::Testing
Progress::Triage
Progress::Waiting
Reporter::Sentry
Safari
Target::Community
Target::Customer
Target::Internal
Target::PoC
Target::Security
Team:Customer-Success
Team:Design
Team:Infrastructure
Team:Instant-Messaging
Team:Product
Team:Workflows
Type::Bug
Type::Design
Type::Documentation
Type::Feature
Type::Improvement
Type::Support
Type::Tests
Windows
blocked
blocked-by-spec
cla-signed
conduit
contribution::advanced
contribution::easy
contribution::help needed
from::review
iOS
p::ti-tenant
performance
product::triage
proposal
refactor
release-blocker
s: dart_openapi_codegen
s::Famedly-Patient
s::Org-Directory
s::Passport-Generator
s::Requeuest
s:CRM
s:Famedly-App
s:Famedly-Web
s:Fhiroxide
s:Fhiroxide-cli
s:Fhiroxide-client
s:Fhirs
s:Hedwig
s:LISA
s:Matrix-Dart-SDK
s:Role-Manager
s:Synapse
s:User-Directory
s:WFS-Matrix
s:Workflow Engine
s:dtls
s:famedly-error
s:fcm-shared-isolate
s:matrix-api-lite
s:multiple-tab-detector
s:native-imaging
severity::1
severity::2
severity::3
severity::4
technical-debt
voip
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Matthias/conduit#218
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
When uploading files the Matrix specs say that the actual filename should be included in the URL:
https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-media-r0-download-servername-mediaid-filename
However Conduit only constructs the URL up to the media id.
When requesting the same file with the actual filename in the end it fails with "404 Not Found".
This is a problem with using Heisenbridge as it adds the file name to the download URL when pasting the link into the IRC channel.
Thanks for looking into this
Is this a new endpoint? It looks like we don't support it at all yet.
This is not a new endpoint, it's
ruma::api::client::r0::media::get_content_as_filename
.mentioned in merge request !266
This can be closed, as !266 adds the endpoint.
So I just update to the new build and there is a different issue now.
It newly fails to account for the actual server name and sends
http://localhost:6167/...
instead of the actually configured hostname.The remaining part of the url seems to be correct with file name at the end now and it does work when I manually replace it with the correct domain.
I didn't change any other settings and before it got the domain just fine.
I'm not sure I understand what you are describing. Media download works for me - both local and federated, and according to my web logs correct requests are being sent...
Yes on the Matrix side everything seems fine, but that was also before.
But Heisenbrige makes a link for IRC out of it and while the link with the file-name as by the Matrix specs works now with Conduit, Heisenbridge does not anymore get the real hostname. This is some sort of regression as it managed to do so before this fix.
I looked into how heisenbridge works (been wanting to set it up anyway), and I think you just need to set "mediaurl" in heisenbridge to the correct url of your homeserver. Also check output (you may need
-v
or-vv
on heisenbridge startup for lines like:True, manually setting the mediaurl seems to work.
But it is odd that this was not necessary before this change.
@ticho34782694 I noticed that image links are also presented as downloads when accessing them externally through Heisenbridge for example, instead of being displayed directly by the browser.
I think this is a html header issue that might be fixable in conduit? (or alternatively maybe in the default Nginx setup?).
This is between the browser and the webserver that is serving the content. See documentation on "Content-Disposition" and "Content-Type" HTTP headers, and configure your webserver accordingly.
In any case, this is wildly off-topic here.
Seems like there is actually another issue with the content-type for images being set to
application/json
You can try an image link shared though my Conduit server here. It does show up fine in Element, but when accessing it though Heisenbridge etc the behavior is a bit strange.
When you curl it like this:
curl -IL https://irc.freegamedev.net/_matrix/media/r0/download/irc.freegamedev.net/shJ1j4Kf75Wa5aivULQZMSZVsae8eRWw/XMPP_logo.png
It shows the problem
I'm sorry, but I cannot reproduce it, with your example link or any of several random images from various homeservers. The Content-Type header always gets set to whatever the origin server sets. Usually it's one of
image/*
, or at worstapplication/octet-stream
.Seems like a bug with
HEAD
request handling (missingHEAD
support altogether?), it returns HTTP 400 andapplication/json
rather than 200 and the correct type.Hm, that seems to be a regression after the rocket->axum switch. Log shows:
HEAD seems to work fine on a rocket-using conduit instance.
The spec does not mention HEAD, I don't know if we need to support it.
Matrix spec does not mention it, but HTTP spec does. See a similar issue for Synapse: https://github.com/matrix-org/synapse/issues/6008
I believe requests need to be marked "safe" for HEAD requests, we don't want a random POST or the likes being triggered by a HEAD probe.
I'd say to only enable
HEAD
forGET
endpoints for now.HEAD
is the same asGET
by definition (minus the response body). There shouldn't be any need to mark things as safe (other than defining that an endpoint allowsGET
)I have an idea for how to fix this, can probably post an MR later.
@jplatte did you manage to look into this?
I think I remember sbd. in the Matrix room saying they want to take a look at it, but maybe I'm getting things confused. Either way I think this can be solved by changing this line to return
MethodFilter::GET | MethodFilter::HEAD
and adding a middleware that strips the response body when the request uses aHEAD
method. Writing the middleware should be pretty easy using axum::middleware::from_fn. I don't think I'll write the patch, but please let me know if those instructions are unclear or don't work.I haven't tried adding the middleware itself, but merely adjusting the mapping in method_to_filter() function did not cause any change - conduit still hits
conduit::ruma_wrapper::axum: MethodMismatch { expected: GET, received: HEAD }
.In that state, I expected a HEAD request to at least return a response with a complete body.
@jplatte
Unfortunately, I do not think it will be that easy. The MethodMismatch error is from Ruma, not Conduit.