Configurable CORS credentials (#456)

* Configurable CORS credentials

* update readme
Aine
2025-04-05 18:08:29 +00:00
committed by GitHub
parent f4084969b6
commit 218f0ba03c
7 changed files with 62 additions and 0 deletions


@@ -28,6 +28,12 @@ In this case, you could provide the configuration in the `/.well-known/matrix/cl
The homeserver URL should be the _actual_ homeserver URL, and not the delegated one.
Example: `https://matrix.example.com` or `https://synapse.example.net`
[More details](restrict-hs.md)
* `corsCredentials` - configure the CORS credentials for the Synapse Admin instance.
It accepts the following values:
* `same-origin` (default): Cookies will be sent only if the request is made from the same origin as the server.
* `include`: Cookies will be sent regardless of the origin of the request.
* `omit`: Cookies will not be sent with the request.
[More details](cors-credentials.md)
* `asManagedUsers` - protect system user accounts managed by appservices (such as bridges) / system (such as bots) from accidental changes.
By defining a list of MXID regex patterns, you can protect these accounts from accidental changes.
Example: `^@baibot:example\\.com$`, `^@slackbot:example\\.com$`, `^@slack_[a-zA-Z0-9\\-]+:example\\.com$`, `^@telegrambot:example\\.com$`, `^@telegram_[a-zA-Z0-9]+:example\\.com$`
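
Review bot: The `include` bullet says cookies are sent regardless of origin but does not say what the receiving server has to allow for that to work. With the fetch credentials mode `include`, browsers reject a cross-origin response unless it carries `Access-Control-Allow-Credentials: true` and a specific, non-wildcard `Access-Control-Allow-Origin`. Suggest adding one sentence to that effect under the `include` bullet, and stating that `same-origin` should be kept unless cookie-based authentication is actually in use. The opening line "configure the CORS credentials for the Synapse Admin instance" could also say plainly that the value is passed as the `credentials` mode of the requests Synapse Admin makes.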

docs/cors-credentials.md Normal file

@@ -0,0 +1,35 @@
# CORS Credentials
If you'd like to use cookie-based authentication
(for example, [ForwardAuth with Authelia](https://github.com/Awesome-Technologies/synapse-admin/issues/655)),
you can configure the `corsCredentials` option in the `config.json` file or in the `/.well-known/matrix/client` file.
## Configuration
> [Documentation on MDN](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials)
The `corsCredentials` option accepts the following values:
* `same-origin` (default): Cookies will be sent only if the request is made from the same origin as the server.
* `include`: Cookies will be sent regardless of the origin of the request.
* `omit`: Cookies will not be sent with the request.
[Configuration options](config.md)
### config.json
```json
{
"corsCredentials": "include"
}
```
### `/.well-known/matrix/client`
```json
{
"cc.etke.synapse-admin": {
"corsCredentials": "include"
}
}
```
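
Review bot: Both examples, under `### config.json` and under `### /.well-known/matrix/client`, set `"corsCredentials": "include"` without saying when that value is needed instead of the default. Going by the value list above them, `include` only matters when Synapse Admin and the server it calls are on different origins, so the page should say that and note that `same-origin` is enough when they share one. The page also offers two places to set the option but does not state which one wins when both `config.json` and `/.well-known/matrix/client` define it; please document the precedence. The intro links to an issue for the ForwardAuth case rather than summarising the setup, so a short description of what the reverse proxy must be configured to return would make the page usable on its own.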