![]() The third option is to remove automatic upload to the server and require the user to copy and paste the GIF from the keyboard. (Additionally, I do not love the idea of passing the token as a URL param, but this is currently the only viable way to pass data to widgets as far as I know.) This is better, but still relies on trusting users to not widely distribute tokens (might work OK for small communities or groups of friends) but for any large scale implementation the overhead of monitoring and revoking tokens used for abuse might not be worth it. This token could then be checked against a list of valid tokens by widget app server. The second idea I had was to create a token or tokens that could be supplied as part of the widget URL during setup (ie ). If this happens we could easily verify the user via OpenID. This essentially gives anyone with access to the widget server URL cart-blanche to upload files to the Matrix server (not good!).įirst, I am hoping that the often discussed support for using a Matrix server as an OpenID source comes to fruition. In my current implementation, the widget app server has the ability to upload files directly to the Matrix server for which it is configured. Any additional params you wish to include must be passed as part of the URL used when setting up the widget. In reality, there are only a handful of properties that are accessible to widgets (room name, username, etc) but any one of those could easily be faked in an http request so they really only provide security through obscurity. The way widgets are currently handled, there is no way to verify that the user of a widget is logged in to a specific Matrix server. I will be looking at the code to see how I can were there any security issues or like thoughts you had in implementing this There are definitely some security issues in my current solution. This is a critical feature that cant be missing in todays world of chat/messaging apps. So just on first glance I would be inclined to have this baked into the UX as mentioned. I like the solution as it deals with the encrypted room issue that the giphy bot does not. Naturally, we would want to see a gif icon next to the emoji and attachment icons in the UI which triggers a selector and search field. Moreover, they often don't remember the command to trigger the search. The Giphy bot solution is unintuitive as users simply don't know what to search for to get an exact match of what they wish to express. This has created a lot of frustration for our users as one would expect this day and age and are looking for a solution. I've just made the move from Discord/Telegram for our org over to Matrix/Element and while doing customisations we just realised using gifs 'natively' is not available.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |