Bug 433834

Summary: Neochat fails on any https to http redirects
Product: [I don't know] kde Reporter: idoitprone <monkeyboyted>
Component: generalAssignee: Unassigned bugs <unassigned-bugs-null>
Status: RESOLVED NOT A BUG    
Severity: minor CC: nicolas.fella
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Manjaro   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description idoitprone 2021-03-02 05:34:20 UTC 
SUMMARY

I have a self hosted webiste that redirects https://domain.tld/.well-known/matrix/client -> http://www.domain.tld/.well-known/matrix/client -> https://www.domain.tld/.well-known/matrix/client -> https://matrix.domain.tld/.well-client/matrix/client. May I ask why neochat requires https to be used throughout the entire chain even if the final url has https? 

curl -iL 'www.domain.tld/.well-known/matrix/client'
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 02 Mar 2021 04:13:55 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
Location: https://www.domain.tld/.well-known/matrix/client
X-Cache: Redirect from cloudfront
Via: 1.1 d3f9b7e35643700c8f2c0d4716ce0574.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX3-C4
X-Amz-Cf-Id: qbND_DjOc34c1opCxloPBqiR2jkMaHf5_ue8Qs1xHp9vlrj9lgCpw==

HTTP/2 301 
content-length: 0
location: http://matrix.domain.tld/.well-known/matrix/client
date: Tue, 02 Mar 2021 04:10:07 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 12a5bcdb54ede5fbaec3241h3c798939.cloudfront.net (CloudFront)
x-amz-cf-pop: LAX3-C4
x-amz-cf-id: 7aILZVPleHe6ApG7NwibhAv_wrmyFDxKnZDHI9rNSKPnPG2rR8TQ==
age: 230

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 02 Mar 2021 04:13:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://matrix.domain.tld/.well-known/matrix/client

HTTP/2 200 
server: nginx
date: Tue, 02 Mar 2021 04:13:56 GMT
content-type: application/json
content-length: 632
last-modified: Sat, 28 Nov 2020 15:16:09 GMT
etag: "5fc269b9-278"
expires: Tue, 02 Mar 2021 08:13:56 GMT
cache-control: max-age=14400
access-control-allow-origin: *
accept-ranges: bytes

{
        "m.homeserver": {
                "base_url": "https://matrix.domain.tld"
        }
,
        "m.identity_server": {
                "base_url": "https://matrix.domain.tld"
        }
,
        "m.integrations": {
                "managers": [
                        {
                                "api_url": "https://dimension.domain.tld/api/v1/scalar",
                                "ui_url": "https://dimension.domain.tld/element"
                        }
                ]
        }
,
        "io.element.jitsi": {
                "preferredDomain": "jitsi.domain.tld"
        },
        "im.vector.riot.jitsi": {
                "preferredDomain": "jitsi.domain.tld"
        }
        ,
        "io.element.e2ee": {
                "default": true,
                "secure_backup_required": false,
                "secure_backup_setup_methods": []
        },
        "im.vector.riot.e2ee": {
                "default": true
        }
}

STEPS TO REPRODUCE
1. 
2. 
3. 

neochat 
Both point size and pixel size set. Using pixel size.
qrc:/qml/main.qml:254:5: QML Connections: Detected function "onRoomJoined" in Connections element. This is probably intended to be a signal handler but no signal of the target matches the name.
Both point size and pixel size set. Using pixel size.
qrc:/imports/NeoChat/Page/WelcomePage.qml:35:5: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
qrc:/imports/NeoChat/Panel/RoomDrawer.qml:64: TypeError: Cannot read property 'isFavourite' of null
qrc:/imports/NeoChat/Panel/RoomDrawer.qml:67: TypeError: Cannot read property 'isFavourite' of null
qrc:/imports/NeoChat/Panel/RoomDrawer.qml:62: TypeError: Cannot read property 'isFavourite' of null
quotient.jobs: "GetWellknownJob" stopped with empty network reply
quotient.jobs: Sent GET https://domain.t/.well-known/matrix/client
quotient.jobs: "GetWellknownJob" stopped without ready network reply
quotient.jobs: "GetWellknownJob" stopped with empty network reply
quotient.jobs: Sent GET https://domain.tl/.well-known/matrix/client
QHttpNetworkConnectionPrivate::_q_hostLookupFinished could not de-queue request, failed to report HostNotFoundError
quotient.jobs: No valid HTTP headers from GET https://domain.tl/.well-known/matrix/client
quotient.jobs: "GetWellknownJob" status NetworkError: Host domain.tl not found
quotient.jobs: "GetWellknownJob": retry #1 in 5 s
quotient.jobs: "GetWellknownJob" stopped with empty network reply
quotient.jobs: Sent GET https://domain.tld/.well-known/matrix/client
quotient.jobs: 302 <- GET http://www.domain.tld/.well-known/matrix/client
quotient.jobs: "GetWellknownJob" status NetworkError: Insecure redirect
quotient.jobs: "GetWellknownJob": retry #1 in 5 s
quotient.jobs: Sent GET https://domain.tld/.well-known/matrix/client
quotient.jobs: 302 <- GET http://www.domain.tld/.well-known/matrix/client
quotient.jobs: "GetWellknownJob" status NetworkError: Insecure redirect
quotient.jobs: "GetWellknownJob": retry #2 in 10 s
quotient.jobs: Sent GET https://domain.tld/.well-known/matrix/client
quotient.jobs: 302 <- GET http://www.domain.tld/.well-known/matrix/client
quotient.jobs: "GetWellknownJob" status NetworkError: Insecure redirect

EXPECTED RESULT

Neochat should be able to follow http to https redirects unless upstream determined that https must be followed throughout the entire chain. I do not know the expected behavior and I have already reconfigured my website to avoid this issue. Official element desktop client does not have this issue.


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Manjaro Arm/wayland
(available in About System)
KDE Plasma Version: 5.21.1
KDE Frameworks Version: 5.79.0
Qt Version: 5.12.2
Neochat Version: 1.1.1

ADDITIONAL INFORMATION
Comment 1 idoitprone 2021-03-02 05:36:46 UTC 
Here is the steps to reproduce

STEPS TO REPRODUCE
1. Create a matrix instance that redirects between http and https
2. Create an account
3. Open neochat
4. Attempt to login with @username:domain.tld
5. Neochat throws errors
Comment 2 Nicolas Fella 2021-03-02 09:35:13 UTC 
Not redirecting from a secure to an insecure connection is important for security reasons so the behavior you are describing is expected.
Comment 3 idoitprone 2021-03-02 13:15:15 UTC 
Well-Known is kinda a discovery url without any sensitive information. Ok, this behavior is expected, I will close this issue.