After upgrading can't connect to homeserver configured on login page

[floviolleau]

Description

Hi,

After the upgrade, I'm not able to connect to my homeserver (I see a magenta banner with "Unable to connect to Homeserver. Retrying...").

I just configured a different HS and IS on the login page and for somewhat reason, some XHR calls still go to the default HS/IS and are not using the HS/IS I configured in the login page.

I have this banner because the default IS/HS endpoint is blocked by my work proxy so this why I need to change the default one.

Before the upgrade, it was working well.

Any ideas?
Thanks

Steps to reproduce

• Change the HS and IS on the login page
• do a login
• Some requests still go to the default HS and are not using the one configured

Describe how what happens differs from what you expected.

• All calls must go to the IS/HS that is specified on the login page and no using the default one partially

Version information

• Platform: web (in-browser)

For the web app:

• Browser: All versions
• OS: All OSes
• URL: private server, built from latest from master 01/28/2018

[valentinab25]

We are having the same issue on 0.17.9 . After the log in of users ( we also have our own IS), we receive the "Unable to connect to Homeserver. Retrying...".

Using the Developer Tools, on Network, I can see only requests that are failing continuously:
https://OUR-RIOT/OUR-Matrix/_matrix/client/versions
https://OUR-RIOT/OUR-Matrix/_matrix/client/r0/presence/@<UID>/status
https://OUR-RIOT/OUR-Matrix/_matrix/client/r0/pushrules/

It looks like instead of redirecting the request correctly to https://OUR-Matrix/_matrix/..., it keeps the Riot url ( https://OUR-RIOT ) and adds to it. Before the upgrade the site was working correctly.

[jryans]

Thanks for the report! A few questions:

• How are you entering your username? Just local part "bob" or the full MXID "@bob:server.com"?
• Does your Synapse install have public_baseurl configured? If so, what is it set to?

[valentinab25]

Thanks for the respose.
We are using LDAP though mxisd, so the user I'm entering is the LDAP one ( it's registered in matrix as @LDAP_UID:OUR-MATRIX)
public_baseurl is configured , and set to OUR-MATRIX.
We are also using the same domain on all services - https://riot.OUR-DOMAIN, https://matrix.OUR-DOMAIN and https://matrix-identity.OUR-DOMAIN .
Riot is running on an nginx. We are not using any proxies to connect, but we do use a reverse proxy to configure the service urls.

[floviolleau]

For me, regular login no LDAP. I use "bob" as login and not MXID.

public_baseurl is configured to default url https://my-domain.org but as reminder if I do not use default one (https://my-domain.org) and specify another at login time (https://riot.my-second-domain.org), some rest calls do not use the configured one and still are sent to https://my-domain.org insted of https://riot.my-second-domain.org). This feature worked before my update.

PS: Historically, my server was on the domain name https://my-first-domain so MXID are like "@bob:my-first-domain" (public_baseurl was set to https://my-first-domain) but I moved my server to somewhere else so now the public_baseurl is set to https://my-second-domain but MXID remains "@bob:my-first-domain" format.

[AlexDaniel]

I have exactly the same problem. I can't login with Riot to my server. However, Riot works just fine as long as you are already logged in. I tried Quaternion and it works, so it's a new login problem in Riot.

[AlexDaniel]

Uh, actually I wanted to write a comment on #8313, not here. But perhaps both are the same issue.

[floviolleau]

Any news as it is blocking me at work?

[jryans]

Do you see the same issue on riot.im/develop? So far, I am not sure how to reproduce your issue or what the root cause, so we'll need to keep investigating.

[AlexDaniel]

I don't know if I'm seeing the same issue as @floviolleau, but in my case I'm getting:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://foo.foo.org:8448/_matrix/client/versions. (Reason: CORS request did not succeed).[Learn More]

I can still use the server because I'm still logged in, but me and other users are getting a CORS error when trying to login freshly. It was working at some point. Other clients (not riot) are also able to connect. Visually I'm getting the “Unable to connect to Homeserver. Retrying...” purple box same as OP.

That is on both riot.im/develop and riot.im.

(Again, this is probably a different issue…)

UPDATE: I resolved my issue. I had to configure the certificate as mentioned in the UPGRADE doc. The error message I was getting in Riot definitely was not helping me to figure out what's going on, but I guess you can still blame me for not reading the UPGRADE doc :)

[floviolleau]

The problem as I explained is if I configure a custom server in the login page, some requests still go to the default HS and are not using the one configured. XHR that are problematics and stay on the default url and not customized url are:

• OPTIONS /_matrix/client/r0/room_keys/version
• OPTIONS /_matrix/client/r0/voip/turnServer
• OPTIONS /_matrix/client/r0/pushrules/
• OPTIONS /_matrix/client/unstable/keys/upload/XXXXXXXXXX
• GET /_matrix/client/versions
• OPTIONS /_matrix/client/r0/presence/@myusername:example.com/status
• OPTIONS /_matrix/client/r0/logout

Correct XHR that go to the customized server:

• POST /_matrix/client/r0/login
• GET /version?cachebuster=0000000000000
• GET /_matrix/client/r0/login
• GET /i18n/languages.json

The customized server is done with the configuration file. I wrote config.example.org.json in the webapp folder and if come with the url example.org.json, HS/IS are set correctly in the login page.

If I manually set it in the login page, same issue

[floviolleau]

Maybe hard to explain but I tried with https://riot.im/develop and it seems a little bit different.
I cannot explain it (because it was working well before the update).

My setup is the following one:

• 1 machine containing
  • one synapse server with domain1.org configured (with a reverse proxy for /_matrix calls)
  • one UI
• 2 domain names: domain1.org and domain2.org. Both are pointing to the same server thanks to apache vhosts.

What I tested:

• go to riot.im/develop
• change the server to point to domain1.org
• all is working as expected (rest calls go to domain1.org except assets of course came from riot.im)

With my second domain name:

• go to riot.im/develop
• change the server to point to domain2.org
• some rest call go to domain2.org others like:
  • OPTIONS /_matrix/client/r0/room_keys/version
  • OPTIONS /_matrix/client/r0/voip/turnServer
  • OPTIONS /_matrix/client/r0/pushrules/
  • OPTIONS /_matrix/client/unstable/keys/upload/XXXXXXXXXX
  • GET /_matrix/client/versions
  • OPTIONS /_matrix/client/r0/presence/@myusername:example.com/status

go to domain1.org and assets of course came from riot.im

Any explanations why domain1.org is still call despite I configured domain2.org?

Thanks for your time investigating it.

PS: again why I have 2 domains is that historically domain1.org what the first domain configured for my setup (and all logins have the suffix @bob:domain1.org) but is blocked by my work proxy. So I configured domain2.org that is allowed at work.

[lampholder]

We've changed a lot about auth since this was filed, and I wasn't able to trivially reproduce this issue so I'm going to close it - if people are still having problems do please file a new issue. Thanks!