So.... what domains should we use for our matrix server?

The Wikipedia article on same origin policy has a pretty clear explanation. It has a chart that explicitly states that accessing “example.com” from “www.example.com” or vise versa will fail “Different host (exact match required)”:

The above page also has a nice explanation on how document.domain works.

1 Like

Hey all, not to tamp down the excitement too much (I’m glad to see all of the enthusiasm!), but this is a past-tense decision at this point, so we don’t need more votes. :slight_smile:

4 Likes

Yes it looks like you’re correct. I edited my comments for future readers.

TravisR confirmed a subdomain is fine in the Matrix channel for Element web:

subdomains aren’t great, but fine.
it just doesn’t want you to have element at fedoraproject.org and the homeserver at fedoraproject.org

Someone else then asked:

I’ve been wondering the same thing, and I’m still only about 60% sure about the answer. Specifically: are there risks associated with having Synapse at example.com and Element at element.example.com?

TravisR: there’s a theoretical risk of if Element were to experience an XSS of some kind then cookies and other cross-domain data might be accessible, but in practice that’s so much of a stretch that attackers are more interested in the people who use the exact same domain.

Sorry about all the confusion from my part. Maybe this should be worded more precisely in the README.

A link to the conversation.

Can we somehow have the channels use fedoraproject.org even though users are fedora.im?

Hmmm. I’ll ask.

I imagine that it will take two instances.

1 Like

AFAIK, for synapse and dendrite, yes (likely the others too, but I haven’t verified).

But this doesn’t mean this would consume more resources, since the amount of ram/disk/cpu would likely be the same, and I guess that EMS has automated upgrade and migration, so 1 or 2 servers should have much impact. So the problem is maybe just a question of process rather than a technical limitation.

fedoraproject.org makes it clear who is the owner/maintainer of the server or channel. I don’t really feel that a shorter name has that much advantages. If a sub domain is needed, the I would vote for chat.fedoraproject.org.

I checked with them and the easiest way to do it is to run a second “Nickel” plan server – 5 users at $2/each/month. That’s probably something we can do and worth it. We can put the channels there, and perhaps use those five user accounts for official bots.

3 Likes

That does seem like a nice way of using fedoraproject.org.

Although I am worried that putting the channels on a cheaper plan would result in decreased functionality. If users are on a more expensive plan is that enough to get the “premium” hosting features?

According to Element’s pricing page the nickel plan doesn’t have things like a 99.9% uptime SLA, customizable branding, or a choice of what country it’s hosted in. I wonder if the users being on a more premium plan means we still get some of that functionality.

We’re pulling it all into our overall agreement which should cover some of that. Other things like customizable branding we won’t really need because that server won’t be for general use.

2 Likes

We can’t get rid of OpenID identities. They’re used by third-party services. One quite critical one is Libravatar. :wink:

well, we do know the libravatar developers so we could ask them to move. :wink:
But in general openid is going away, all the big providers in the past are gone, no more yahoo openid, no google, etc. So, while we have it for now, it’s on a decline…