linagora
OSS
ToM-server
Latest CI Pipeline Executions
Succeeded
fix/admin-access-token
02d69d3f fix(tom-server/token-service): handle cross-origin redirects in SSO token flow
The admin access token acquisition broke because Node.js fetch strips cookies on cross-origin redirects. The SSO chain crosses from the auth provider to Matrix, so the OIDC session cookie never reached Synapse. Split getLoginToken into two explicit fetch calls — auth provider gets only the auth cookie, Matrix callback gets only the session cookies. Validate the callback origin matches the Matrix server before sending session cookies. Also fix cookie serialization: use getSetCookie() and strip attributes so the Cookie header contains clean name=value pairs instead of raw Set-Cookie values with Domain/Path/HttpOnly attributes.
by Khaled FER...
Succeeded
fix/admin-access-token
6f6bf407 fix(tom-server/token-service): handle cross-origin redirects in SSO token flow
The admin access token acquisition broke because Node.js fetch strips cookies on cross-origin redirects. The SSO chain crosses from the auth provider to Matrix, so the OIDC session cookie never reached Synapse. Split getLoginToken into two explicit fetch calls — auth provider gets only the auth cookie, Matrix callback gets only the session cookies. Validate the callback origin matches the Matrix server before sending session cookies. Also fix cookie serialization: use getSetCookie() and strip attributes so the Cookie header contains clean name=value pairs instead of raw Set-Cookie values with Domain/Path/HttpOnly attributes.
by Khaled FER...
Succeeded
fix/admin-access-token
a2692c70 fix(tom-server/token-service): validate callback origin and fix test config
Validate that the OIDC callback URL points to the expected Matrix server before sending session cookies, preventing cookie leakage to unexpected hosts. Also seed auth_url in test config mock so the getAuthCookie test actually verifies the correct endpoint is called.
by Khaled FER...
Succeeded
fix/admin-access-token
509e3123 fix(tom-server/token-service): handle cross-origin redirects in SSO token flow
The admin access token acquisition broke because Node.js fetch strips cookies on cross-origin redirects. The SSO chain crosses from the auth provider to Matrix, so the OIDC session cookie never reached Synapse. Split getLoginToken into two explicit fetch calls — auth provider gets only the auth cookie, Matrix callback gets only the session cookies. Also fix cookie serialization: use getSetCookie() and strip attributes so the Cookie header contains clean name=value pairs instead of raw Set-Cookie values with Domain/Path/HttpOnly attributes.
by Khaled FER...