From 21eabf45c256073738760592132c6fa4a9ebf9ce Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 26 Oct 2022 11:04:17 +0000 Subject: [PATCH] make self-check of /.well-known/matrix/server accept redirects Rationale: the /.well-known/matrix/client should return only 200 as well, but it has hardcoded "safe" value, regardless the spec: https://spec.matrix.org/v1.4/client-server-api/#well-known-uri So, why not do the same for the /.well-known/matrix/server? --- roles/matrix-nginx-proxy/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index c233dc43c38..e77de484255 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -489,9 +489,9 @@ matrix_nginx_proxy_self_check_validate_certificates: true # Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource. # -# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be, -# so we default to not following redirects as well. -matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none +# As per the spec (https://spec.matrix.org/v1.4/client-server-api/#well-known-uri), it shouldn't be, +# but in real life all client apps and servers accept the 301 redirect. +matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: safe # For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter). #