* Check url with homeserver
* Move check to where access-token is added
* Do IPC comm sparingly
Before, the code would fetch the hs for every request.
Since this needs the whole event-handler dance, it's best we do it only
for the requests that match the media endpoints.
Also added some try..catch since we create URL objects that could
potentially throw
* Check origin instead of just hostname
* Support authenticated media downloads in Desktop too
We can't use service workers for a variety of reasons/errors, so we instead intercept HTTP(S) requests from the renderer process. With a bit of help from the IPC channels, we're able to emulate what the Element Web ServiceWorker does.
The IPC channel is considered "safe" for transmitting sensitive details like the user access token: if we can't trust the IPC, we can't trust much of anything. This is unlike the `postMessage` API in a web browser where browser extensions may be listening: we don't have extensions in this environment.
* Remove unused import
* Appease the linter
See https://github.com/electron/electron/pull/30702 - this has the benefit of the js-sdk and LiveKit not having to add custom logic for Electron
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
