Bug: Specifying bad Jitsi server on Android

My friend and I were doing some testing.

He used the android device and entered the entire URL (https://myserver/DontEatFuzzyAvocados) as the server name, instead of just entering the server (myserver).

The result: He hosed up his configuration so badly that he needed to uninstall/reinstall the app in order to remove the bad server name.

The Android APP should validate that the servername is valid before accepting it. Or be smart enough to just use the servername, or be smart enough to validate the servername before trying to use it.

We didn’t test this on other apps.

1 Like

What version of Android and Jitsi Meet app is he using ? I am using Android 9 (LIneageOS) and JitsiMeet 20.2.3 from F-Droid and could not reproduce this when entering manually the https://meet.jit.si URL.

Okay, I’ve been able to replicate it on my own android device.

Android 9
Jitsi app from Android Play, 20.1.0 build 3883698

About my jitsi server: I’ve forced new rooms to require a moderator (Easiest way to secure jitsi meet). So a user cannot enter a room until someone with a login joins first.

On the android:

  1. Start jitsi app.
  2. Open jitsi settings.
  3. Under the conference block, set the server url. I used “https://mydomain/BadString”. (mydomain is replaced with my actual hostname.) NOTE: This is an error because I added a conference name (BadString), this is a bad server url.
  4. I then tried to join the conference from my displayed list of past conferences. (“FuzzyAvocados”).

The result? First, it wants to join FuzzyAvocados, but it gets the popup about how the conference has not yet started. As long as that popup is on the screen, you cannot get back to the settings.

If I click Cancel or hit the back button, then it immediately tries to connect to the conference “BadString”. This causes that popup to appear again and I can never get back to the settings.

I found a workaround without reinstalling:

  1. While the popup is on the screen, press the android “|||” button to bring up the running apps. This will shrink the Jitisi app to a dark square with a circling icon (waiting to connect).
  2. Kill the running app. The app is dead, but the jitsi square with the loading icon is still there.
  3. Tap the jitsi square to see the widgets and click on “X” to kill it.
  4. Tab the android “|||” icon and kill the running Jitisi app again.
    Now it is actually dead.
  5. Restart the jitsi app. It will show you the list of previous conferences and you can go to the settings and correct the url.

Ok, this would be a bug indeed, “Server URL is not validated in Android (possibly iOS?) app”. I lack the time to try and reproduce, however you can file it as a bug directly here, including the exact information from your last reply :

1 Like

Submitted. Bug #6873 :

Thank you.

1 Like