* Make the 'delete my data' button not the default
* Make it red
* Give it a confirmation dialog
* Remove the 'cancel' button: what does it mean to cancel an error?
In this case, it tried again and almost certainly got the same error.
* Remove the top-right 'x' and don't cancel on esc for the same reason.
* Move 'send bug report' to a button rather than a 'click here' link
* Add a 'refresh' button which, even if it's no more likely to work,
will at least look like it's doing something (it's mostly so if you
don't have a bug report endpoint, there's still a button other
than the one that deletes all your data).
The user might (probably does) have a session even if we haven't actually tried
to load it yet, so wrap the whole loadSession code in the error handler we were
using for restoring sessions so we gracefully handle exceptions that happen
before trying to restore sessions too.
Remove the catch in MatrixChat that sent you to the login screen. This is
never the right way to handle an error condition: we should only display the
login screen if we successfully determined that the user has no session, or
they explicitly chose to blow their sessions away.
Everywhere else, onFinished takes a boolean indicating whether the
dialog was confirmed on cancelled, and had function that were
expecting this variable and getting undefined.
Fix a number of failures that meant the excellent error handling
we had for failing to restore a session didn't work.
1. .catch on the promise rather than try/catch: it's async
2. Explicit cancel method in SessionRestoreErrorDialog that invokes
onFinished with `false` because even with the catch fixed, this
was getting the event as its first arg which is truthy, so
clicking cancel still deleted your data.
3. DialogButtons: Don't pass onCancel straight into the button event
handler as this leaks the MouseEvent through as an argument.
Nothing is using it and it exacerbates failures like this
because there are surprise arguments.
Fixes https://github.com/vector-im/riot-web/issues/6616
This adds a URL parameter to the cross-origin renderer that makes
it only accept messages from a given domain. This adds an extra
layer of security to the cross-origin iframe and is backwards
compatible in both directions.
