fix: prevent allow_redirect=true on media URLs; fallback on 400 too

Synapse's thumbnail endpoint returns 400 Bad Request when the
allow_redirect=true query parameter is present (added by matrix-js-sdk
41.x for authenticated media). Default allowRedirects to false in our
mxcUrlToHttp wrapper so the parameter is never appended.

Also extend the downloadMedia legacy-URL fallback to cover 400 in
addition to 401, catching any encrypted-media fetches that still carry
the old URL shape after a cache refresh.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/app/utils/matrix.ts

@@ -284,7 +284,8 @@ export const mxcUrlToHttp = (
   height?: number,
   resizeMethod?: string,
   allowDirectLinks?: boolean,
-  allowRedirects?: boolean,
+  // Synapse's thumbnail endpoint returns 400 for allow_redirect=true; keep false everywhere.
+  allowRedirects = false,
 ): string | null =>
   mx.mxcUrlToHttp(
     mxcUrl,
@@ -301,11 +302,12 @@ export const downloadMedia = async (src: string): Promise<Blob> => {
   const res = await fetch(src, { method: 'GET' });
   if (res.ok) return res.blob();
 
-  // On 401 fall back to the legacy unauthenticated media path.
+  // On 401/400 fall back to the legacy unauthenticated media path.
-  // This covers the race where the SW session isn't set yet, or when matrix-js-sdk
+  // 401: SW session missing (race on first load or after SW restart).
-  // appends ?allow_redirect=true and Synapse strips auth on the redirect hop.
+  // 400: allow_redirect=true on a URL that was constructed before this fix was deployed;
+  //      Synapse's thumbnail endpoint rejects that parameter with 400.
   // Requires allow_public_access_to_media_repo: true on the homeserver.
-  if (res.status === 401) {
+  if (res.status === 401 || res.status === 400) {
     const legacyUrl = src
       .replace('/_matrix/client/v1/media/download/', '/_matrix/media/v3/download/')
       .replace('/_matrix/client/v1/media/thumbnail/', '/_matrix/media/v3/thumbnail/');