Media redirect target URL gets modified by Element Desktop

[syldrathecat]

This code seems to replace the string /_matrix/media/v3/ in media URLs with /_matrix/client/v1/media/:

element-desktop/src/media-auth.ts

Line 68 in 6c78684

url.href = url.href.replace(/\/media\/v3\/(.*)\//, "/client/v1/media/$1/");

This URL modification, however, seems to also apply to the target of HTTP redirects.

It doesn't appear that Element Web has this same behavior.

Since we run matrix-media-repo on a separate domain, without media authentication, we have been using a redirect from https://<synapse>/_matrix/client/v1/media/ to https://<matrix-media-repo>/_matrix/media/v3/.

The target URL being modified by Element Desktop went unnoticed by us until now, when Element Desktop 1.11.81 stopped sending the access token, and highlighted this issue.

(Our intention all along was to redirect to matrix-media-repo's unauthenticated endpoint, but Element Desktop has been rewriting it to the authenticated endpoint)

This URL rewriting behavior is certainly not part of the specification, and our setup doesn't seem that unreasonable. Maybe its inclusion in the code should be reconsidered.