element-web runs offsite javascript from vector.im and riot.im

app = element-web version = 1.7.28

When using a selfhosted element talking to a selfhosted server, enabling the Spaces feature establishes connections to vector.im, and when trying to view a jitsi video call inline fails with a “JavaScript is disabled. For this site to work you have to enable JavaScript.” error when JS is permitted on the selfhosting domain but denied on others (and it shows it’s trying to exec remote javascript from riot.im and vector.im domains).

What’s the point of having both a server app and a client app that can be selfhosted if it has to phone home to the developers to download remote executable code from an untrusted server to work right?

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:3
  • Comments:8 (4 by maintainers)

Top GitHub Comments

4 reactions
t3chguy commented, May 19, 2021

> when trying to view a jitsi video call inline fails with a “JavaScript is disabled. For this site to work you have to enable JavaScript.” error when JS is permitted on the selfhosting domain but denied on others (and it shows it’s trying to exec remote javascript from riot.im and vector.im domains).

The Jitsi you are accessing is hosted at jitsi.riot.im - what exactly do you expect here? The javascript being loaded here is loaded inside a sandboxed iframe.

I cannot reproduce any Javascript being loaded from vector.im when making a Jitsi call - unless you go to Edit widgets, bridges & bots which uses the vector.im integrations manager, again in a sandboxed iframe, to provision their bots/bridges/etc

If you don’t want to use the Jitsi configured by the Element/Matrix admin then you can make use of /addwidget though keep in mind if someone else adds a Jitsi call to the room and you opt to join it then obviously you have to join the Jitsi of whatever domain they chose during the setup of the call otherwise you’d be in your very own call and not the one with your peer.

> It seems that if this is the config that server admins end up with, then this ecosystem probably isn’t very privacy-friendly

So just because your server admins don’t wish to run their own Jitsi stack that makes the product not privacy-friendly - what? The Jitsi stack can be configured in Element or in the Matrix server, but they obviously did neither given you are connecting to jitsi.riot.im. https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server

3 reactions
hex-m commented, May 20, 2021

You can check if your Server defines a custom Jitsi Meet instance to be used by checking the .well-known entries. e.g. https://kif.rocks/.well-known/matrix/client

{
  "m.homeserver": {
    "base_url": "https://matrix.kif.rocks"
  },
  "m.identity_server": {
    "base_url": "https://matrix.kif.rocks"
  },
  "im.vector.riot.jitsi": {
    "preferredDomain": "meet.kif.rocks"
  }
}

If there is none defined the Element clients fall back to https://jitsi.riot.im/.

To avoid that you can use Element-Desktop and change the local config to point to your preferred Jitsi Meet instance.
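
The check described in the comment above, as an added example that is not part of the original thread or of Element's code: it reads a `.well-known/matrix/client` document and reports which Jitsi domain results and whether it is offsite. It models only the well-known/fallback rule stated above, not a client's local config; the sample documents, the `operatorSites` list and the function names are assumptions made for illustration.

```javascript
// Added example: which Jitsi domain results from a .well-known/matrix/client
// document, per the rule in the comment above, and is that domain offsite?
const FALLBACK_JITSI = "jitsi.riot.im"; // fallback named in the comment above

// Constructed sample documents (example.org is a placeholder, nothing is fetched).
const WITH_JITSI = JSON.stringify({
  "m.homeserver": { base_url: "https://matrix.example.org" },
  "im.vector.riot.jitsi": { preferredDomain: "meet.example.org" },
});
const WITHOUT_JITSI = JSON.stringify({
  "m.homeserver": { base_url: "https://matrix.example.org" },
});

// Hostname of a URL, or null when the value is missing or not a URL.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// True when `host` equals `site` or is a subdomain of it (label-aligned,
// so "evilexample.org" does not count as being inside "example.org").
function within(host, site) {
  return host === site || host.endsWith("." + site);
}

// operatorSites: hypothetical list of domains the self-hoster controls.
// Assumption: an unparseable document is treated like one with no Jitsi entry.
function auditWellKnown(rawJson, operatorSites) {
  let doc;
  try { doc = JSON.parse(rawJson); } catch { doc = null; }
  if (doc === null || typeof doc !== "object") doc = {};
  const entry = doc["im.vector.riot.jitsi"];
  const preferred = entry && typeof entry.preferredDomain === "string"
    ? entry.preferredDomain.trim().toLowerCase() : "";
  const domain = preferred || FALLBACK_JITSI;
  return {
    homeserver: hostOf(doc["m.homeserver"] && doc["m.homeserver"].base_url),
    jitsiDomain: domain,
    source: preferred ? "well-known" : "fallback",
    offsite: !operatorSites.some((s) => within(domain, s.toLowerCase())),
  };
}

for (const raw of [WITH_JITSI, WITHOUT_JITSI, "<html>404</html>"]) {
  console.log(auditWellKnown(raw, ["example.org"]));
}
```

A result with `source: "fallback"` and `offsite: true` corresponds to the situation reported in this issue: no Jitsi entry is published, so the call widget is served from a domain outside the self-hosted deployment.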
