diff --git a/src/client/initMatrix.ts b/src/client/initMatrix.ts index 9a8517a30..6db8358bd 100644 --- a/src/client/initMatrix.ts +++ b/src/client/initMatrix.ts @@ -12,7 +12,33 @@ import { deleteSearchCacheDatabase } from '../app/utils/searchCache'; // This happens after a downgrade (e.g. matrix-js-sdk was briefly upgraded and then reverted). export const IDB_VERSION_CONFLICT = 'IDB_VERSION_CONFLICT'; +/** + * KE-1 mitigation. Ask the browser to make this origin's storage persistent so the + * IndexedDB **crypto store** isn't evicted from under a surviving `localStorage` + * session. When that happens the device "resurrects" with a blank key store and the + * client re-uploads a one-time key at an id Synapse already holds → a permanent + * `400 M_UNKNOWN: … already exists` upload-conflict storm (and, downstream, + * undecryptable to-device/media keys). `persist()` grants based on engagement / PWA + * install and shows no prompt; denial/absence is non-fatal. + */ +export const requestPersistentStorage = async (): Promise => { + try { + if (!navigator.storage?.persist) return false; + if (await navigator.storage.persisted()) return true; + const granted = await navigator.storage.persist(); + if (!granted) { + console.warn('Persistent storage not granted — the crypto store remains evictable (KE-1).'); + } + return granted; + } catch { + return false; + } +}; + export const initClient = async (session: Session): Promise => { + // Protect the crypto store from eviction before we create and write to it. + await requestPersistentStorage(); + const indexedDBStore = new IndexedDBStore({ indexedDB: globalThis.indexedDB, localStorage: globalThis.localStorage,