rzerres/element-call
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keep the password in the URL

Browse Source 
We changed our minds: people do copy the URL from the bar and
give that to people and expect it to work: it doesn't make sense
to prioritise shorter URLs over this. There's no security advantage
unless we think there's a risk someone might steal your key by taking
a photo of your monitor over your shoulder and decrypting the calls
they can't already hear by standing behind you.
This commit is contained in:
David Baker
2023-10-05 16:13:56 +01:00
parent d1cb6ee889
commit 4984bd630e
4 changed files with 13 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/home/RegisteredView.tsx
View File

@@ -81,14 +81,16 @@ export function RegisteredView({ client }: Props) {
await createRoom(client, roomName, e2eeEnabled ?? false)
)[1];
const roomPassword = randomString(32);
if (e2eeEnabled) {
setLocalStorageItem(
getRoomSharedKeyLocalStorageKey(roomId),
randomString(32)
roomPassword
);
}
history.push(getRelativeRoomUrl(roomId, roomName));
history.push(getRelativeRoomUrl(roomId, roomName, roomPassword));
}
submit().catch((error) => {