Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only initialize Crypto when olm is provided #691

Merged
merged 2 commits into from
Mar 3, 2022
Merged

Only initialize Crypto when olm is provided #691

merged 2 commits into from
Mar 3, 2022

Conversation

MadLittleMods
Copy link
Contributor

@MadLittleMods MadLittleMods commented Feb 25, 2022
edited
Loading

Only initialize Crypto when olm is provided.

Split out from #653

As a note, window.crypto.subtle is only avaialble in secure contexts(window.isSecureContext). Relevant error if you crypto is used in a non-secure context like a local LAN IP http://192.168.1.151:3050/

Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'deriveBits')
	at new Crypto
	at new Platform
	at mountHydrogen

For my use-case with https://github.com/matrix-org/matrix-public-archive, I don't need crypto/encryption at all so if there was a way to completely disable, that would be even better. Related to #579

Docs:

@MadLittleMods
Only try to use window.crypto.subtle in secure contexts to avoid it t…
0935f2d 
…hrowing and stopping all JavaScript

Relevant error if you crypto is used in a non-secure context like a local LAN IP `http://192.168.1.151:3050/`
```
Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'deriveBits')
	at new Crypto
	at new Platform
	at mountHydrogen
```

For my use-case with https://github.com/matrix-org/matrix-public-archive, I don't need crypto/encryption at all.

Docs:

 - https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
 - https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle
    - "Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers."

---

Related to #579
@MadLittleMods MadLittleMods mentioned this pull request Feb 25, 2022
Draft
@bwindels
Copy link
Contributor

bwindels commented Mar 1, 2022

If you don't pass in the olm paths to the platform class, isn't encryption disabled? That's the idea, but this is very untested ...

bwindels
bwindels suggested changes Mar 1, 2022
View reviewed changes
Copy link
Contributor

@bwindels bwindels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your PR, there might be a more explicit way to disable e2ee though.

src/platform/web/Platform.js Outdated Show resolved Hide resolved
@MadLittleMods MadLittleMods added bug Something isn't working sdk labels Mar 2, 2022
@MadLittleMods MadLittleMods changed the title Only try to use window.crypto.subtle in secure contexts to avoid it throwing and stopping all JavaScript. Only initialize Crypto when olm is provided Mar 2, 2022
@bwindels bwindels merged commit 8b8233f into master Mar 3, 2022
@MadLittleMods
Copy link
Contributor Author

Thanks for the review and merge @bwindels 🐻

Good shout on the alternative way to disable 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwindels bwindels bwindels approved these changes

Assignees
No one assigned
Labels
bug Something isn't working sdk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MadLittleMods @bwindels