From 8bcc9712d06b8f39a461842dd37663ccd41f41b7 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 31 Mar 2020 11:45:32 +0300
Subject: [PATCH] Make follow_redirects configurable when checking /.well-known/matrix/client

Discussed in #101 (Github Issue).
---
 roles/matrix-nginx-proxy/defaults/main.yml | 6 ++++++
 roles/matrix-nginx-proxy/tasks/self_check_well_known.yml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 5bf0fc0c..8f3f0481 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -184,6 +184,12 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_nginx_proxy_self_check_validate_certificates: true
+# Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
+#
+# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
+# so we default to not following redirects as well.
+matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
+
 # By default, this playbook automatically retrieves and auto-renews
 # free SSL certificates from Let's Encrypt.
 #
diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
index 1e274ee3..6aaf9cb3 100644
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
@@ -6,7 +6,7 @@
 - path: /.well-known/matrix/client
 purpose: Client Discovery
 cors: true
- follow_redirects: none
+ follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
 validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
 - block:
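Review bot: In `roles/matrix-nginx-proxy/defaults/main.yml`, the new default `matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none` is an unquoted plain scalar, and the comment above it does not say which values the variable accepts. YAML loads `none` as a string, but it is easily misread as a null; writing `matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: "none"` would match the quoted style of `matrix_nginx_proxy_ssl_protocols` in the same file. I would also add a comment line such as `# Accepted values are those of the follow_redirects option this is passed to (e.g. none, safe, all).` The consumer is outside this hunk, presumably Ansible's `uri` module, so the list should be confirmed against it.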
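Review bot: In `roles/matrix-nginx-proxy/tasks/self_check_well_known.yml`, once `follow_redirects` on the `/.well-known/matrix/client` entry can be overridden, a passing self-check no longer shows that discovery works for clients that do not follow redirects, which is the behaviour the spec comment in the defaults file describes. With `cors: true` on the same entry, the CORS check presumably runs against the final redirected response rather than the original host; the task that consumes this list is outside the hunk, so that part is inferred. I would add a comment above the changed line, e.g. `# A non-default value makes this check more lenient than spec-following clients; treat a pass with caution.`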