be3778bef0
* Add key storage toggle to Encryption settings
* Keys in the acceptable order
* Fix some tests
* Fix import
* Fix toast showing condition
* Fix import order
* Fix playwright tests
* Fix bits lost in merge
* Add key storage delete confirm screen
* Fix hardcoded Element string
* Fix type imports
* Fix tests
* Tests for key storage delete panel
* Fix test
* Type import
* Test for the view model
* Fix type import
* Actually fix type imports
* Test updating
* Add playwright test & clarify slightly confusing comment
* Show the advnced section whatever the state of key storage
* Update screenshots
* Copy css to its own file
* Add missing doc & merge loading states
* Add tsdoc & loading alt text to spinner
* Turn comments into proper tsdoc
* Switch to TypedEventEmitter and remove unnecessary loading state
* Add screenshot
* Use higher level interface
* Merge the two hooks in EncryptionUserSettingsTab
* Remove unused import
* Don't check key backup enabled state separately
as we don't need it for all the screens
* Update snapshot
* Use fixed recovery key function
* Amalgamate duplicated CSS files
* Have "key storage disabled" as a separate state
* Update snapshot
* Fix... bad merge?
* Add backup enabled mock to more tests
* More snapshots
* Use defer util
* Update to use EncryptionCardButtons
* Update snapshots
* Use EncryptionCardEmphasisedContent
* Update snapshots
* Update snapshot
* Try screenshot from CI playwright
* Try playwright screenshots again
* More screenshots
* Rename to match files
* Test that 4S secrets are deleted
* Make description clearer
* Fix typo & move related states together
* Add comment
* More comments
* Fix hook docs
* restoreAllMocks
* Update snapshot
because pulling in upstream has caused IDs to shift
* Switch icon
as apparenty the error icon has changed
* Update snapshot
* Missing copyright
* Re-order states
and also sort out indenting
* Remove phantom space
* Clarify 'button'
* Clarify docs more
* Explain thinking behind updating
* Switch to getActiveBackupVersion
which checks that key backup is happining on this device, which is
consistent with EX.
* Add use of Key Storage Panel
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Change key storage panel to be consistent
ie. using getActiveBackupVersion(), and add comment
* Add tsdoc
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Use BACKUP_DISABLED_ACCOUNT_DATA_KEY in more places
* Expand doc
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Undo random yarn lock change
* Use aggregate method for disabling key storage
in https://github.com/matrix-org/matrix-js-sdk/pull/4742
* Fix tests
* Use key backup status event to update
* Comment formatting
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix comment & put check inside if statement
* Add comment
* Prettier
* Fix comment
* Update snapshot
Which has gained nowrap due to 917d53a56f
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Element
Element (formerly known as Vector and Riot) is a Matrix web client built using the Matrix JS SDK.
Supported Environments
Element has several tiers of support for different environments:
- Supported
- Definition:
- Issues actively triaged, regressions block the release
- Last 2 major versions of Chrome, Firefox, and Edge on desktop OSes
- Last 2 versions of Safari
- Latest release of official Element Desktop app on desktop OSes
- Desktop OSes means macOS, Windows, and Linux versions for desktop devices that are actively supported by the OS vendor and receive security updates
- Definition:
- Best effort
- Definition:
- Issues accepted, regressions do not block the release
- The wider Element Products(including Element Call and the Enterprise Server Suite) do still not officially support these browsers.
- The element web project and its contributors should keep the client functioning and gracefully degrade where other sibling features (E.g. Element Call) may not function.
- Last major release of Firefox ESR and Chrome/Edge Extended Stable
- Definition:
- Community Supported
- Definition:
- Issues accepted, regressions do not block the release
- Community contributions are welcome to support these issues
- Mobile web for current stable version of Chrome, Firefox, and Safari on Android, iOS, and iPadOS
- Definition:
- Not supported
- Definition: Issues only affecting unsupported environments are closed
- Everything else
The period of support for these tiers should last until the releases specified above, plus 1 app release cycle(2 weeks). In the case of Firefox ESR this is extended further to allow it land in Debian Stable.
For accessing Element on an Android or iOS device, we currently recommend the native apps element-android and element-ios.
Getting Started
The easiest way to test Element is to just use the hosted copy at https://app.element.io.
The develop branch is continuously deployed to https://develop.element.io
for those who like living dangerously.
To host your own instance of Element see Installing Element Web.
To install Element as a desktop application, see Running as a desktop app below.
Important Security Notes
Separate domains
We do not recommend running Element from the same domain name as your Matrix homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/element-hq/element-web/issues/1977 for more details.
Configuration best practices
Unless you have special requirements, you will want to add the following to your web server configuration when hosting Element Web:
- The
X-Frame-Options: SAMEORIGINheader, to prevent Element Web from being framed and protect from clickjacking. - The
frame-ancestors 'self'directive to yourContent-Security-Policyheader, as the modern replacement forX-Frame-Options(though both should be included since not all browsers support it yet, see this). - The
X-Content-Type-Options: nosniffheader, to disable MIME sniffing. - The
X-XSS-Protection: 1; mode=block;header, for basic XSS protection in legacy browsers.
If you are using nginx, this would look something like the following:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
For Apache, the configuration looks like:
Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "frame-ancestors 'self'"
Note: In case you are already setting a Content-Security-Policy header
elsewhere, you should modify it to include the frame-ancestors directive
instead of adding that last line.
Building From Source
Element is a modular webapp built with modern ES6 and uses a Node.js build system. Ensure you have the latest LTS version of Node.js installed.
Using yarn instead of npm is recommended. Please see the Yarn install
guide if you do not have it already.
- Install or update
node.jsso that yournodeis at least the current recommended LTS. - Install
yarnif not present already. - Clone the repo:
git clone https://github.com/element-hq/element-web.git. - Switch to the element-web directory:
cd element-web. - Install the prerequisites:
yarn install.- If you're using the
developbranch, then it is recommended to set up a proper development environment (see Setting up a dev environment below). Alternatively, you can use https://develop.element.io - the continuous integration release of the develop branch.
- If you're using the
- Configure the app by copying
config.sample.jsontoconfig.jsonand modifying it. See the configuration docs for details. yarn distto build a tarball to deploy. Untaring this file will give a version-specific directory containing all the files that need to go on your web server.
Note that yarn dist is not supported on Windows, so Windows users can run yarn build,
which will build all the necessary files into the webapp directory. The version of Element
will not appear in Settings without using the dist script. You can then mount the
webapp directory on your web server to actually serve up the app, which is
entirely static content.
Running as a Desktop app
Element can also be run as a desktop app, wrapped in Electron. You can download a pre-built version from https://element.io/get-started or, if you prefer, build it yourself.
To build it yourself, follow the instructions at https://github.com/element-hq/element-desktop.
Many thanks to @aviraldg for the initial work on the Electron integration.
The configuration docs show how to override the desktop app's default settings if desired.
config.json
Element supports a variety of settings to configure default servers, behaviour, themes, etc. See the configuration docs for more details.
Labs Features
Some features of Element may be enabled by flags in the Labs section of the settings.
Some of these features are described in labs.md.
Caching requirements
Element requires the following URLs not to be cached, when/if you are serving Element from your own webserver:
/config.*.json
/i18n
/home
/sites
/index.html
We also recommend that you force browsers to re-validate any cached copy of Element on page load by configuring your
webserver to return Cache-Control: no-cache for /. This ensures the browser will fetch a new version of Element on
the next page load after it's been deployed. Note that this is already configured for you in the nginx config of our
Dockerfile.
Development
Please read through the following:
Translations
To add a new translation, head to the translating doc.
For a developer guide, see the translating dev doc.
Triaging issues
Issues are triaged by community members and the Web App Team, following the triage process.
We use issue labels to sort all incoming issues.
Copyright & License
Copyright (c) 2014-2017 OpenMarket Ltd Copyright (c) 2017 Vector Creations Ltd Copyright (c) 2017-2025 New Vector Ltd
This software is multi licensed by New Vector Ltd (Element). It can be used either:
(1) for free under the terms of the GNU Affero General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version); OR
(2) for free under the terms of the GNU General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version); OR
(3) under the terms of a paid-for Element Commercial License agreement between you and Element (the terms of which may vary depending on what you and Element have agreed to). Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.