Skip to content

quali-chat/quali-chat-web

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63,802 Commits
.github
.github
 
 
.husky
.husky
 
 
.storybook
.storybook
 
 
__mocks__
__mocks__
 
 
debian
debian
 
 
docker
docker
 
 
docs
docs
 
 
element.io
element.io
 
 
module_system
module_system
 
 
patches
patches
 
 
playwright
playwright
 
 
res
res
 
 
scripts
scripts
 
 
src
src
 
 
test
test
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.git-blame-ignore-revs
.git-blame-ignore-revs
 
 
.gitignore
.gitignore
 
 
.lintstagedrc
.lintstagedrc
 
 
.modernizr.json
.modernizr.json
 
 
.node-version
.node-version
 
 
.npmignore
.npmignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.cjs
.prettierrc.cjs
 
 
.prettierrc.js
.prettierrc.js
 
 
.stylelintrc.js
.stylelintrc.js
 
 
AUTHORS.rst
AUTHORS.rst
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
LICENSE-AGPL-3.0
LICENSE-AGPL-3.0
 
 
LICENSE-COMMERCIAL
LICENSE-COMMERCIAL
 
 
LICENSE-GPL-3.0
LICENSE-GPL-3.0
 
 
README.md
README.md
 
 
babel.config.js
babel.config.js
 
 
book.toml
book.toml
 
 
build_config.sample.yaml
build_config.sample.yaml
 
 
code_style.md
code_style.md
 
 
components.json
components.json
 
 
config.sample.json
config.sample.json
 
 
customisations.json
customisations.json
 
 
declaration.d.ts
declaration.d.ts
 
 
developer_guide.md
developer_guide.md
 
 
jest.config.ts
jest.config.ts
 
 
knip.ts
knip.ts
 
 
localazy.json
localazy.json
 
 
package.json
package.json
 
 
playwright.config.ts
playwright.config.ts
 
 
recorder-worklet-loader.js
recorder-worklet-loader.js
 
 
sonar-project.properties
sonar-project.properties
 
 
tsconfig.json
tsconfig.json
 
 
tsconfig.module_system.json
tsconfig.module_system.json
 
 
webpack.config.js
webpack.config.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

quali-chat-web

The quali.chat web client provides a web interface for token-gated community chats, supporting verified token holders across multiple blockchains.

Getting Started

The easiest way to get started with quali.chat is to just use the hosted copy at https://app.quali.chat.

Important Security Notes

Separate domains

We do not recommend running quali.chat from the same domain name as your Matrix homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused quali.chat to load and render malicious user generated content from a Matrix API which then had trusted access to quali.chat (or other apps) due to sharing the same domain.

We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See element-hq#1977 for more details.

Configuration best practices

Unless you have special requirements, you will want to add the following to your web server configuration when hosting quali.chat web:

  • The X-Frame-Options: SAMEORIGIN header, to prevent quali.chat web from being framed and protect from clickjacking.
  • The frame-ancestors 'self' directive to your Content-Security-Policy header, as the modern replacement for X-Frame-Options (though both should be included since not all browsers support it yet, see this).
  • The X-Content-Type-Options: nosniff header, to disable MIME sniffing.
  • The X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.

If you are using nginx, this would look something like the following:

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";

For Apache, the configuration looks like:

Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "frame-ancestors 'self'"

Note: In case you are already setting a Content-Security-Policy header elsewhere, you should modify it to include the frame-ancestors directive instead of adding that last line.

Building From Source

quali.chat is a modular webapp built with modern ES6 and uses a Node.js build system. Ensure you have the latest LTS version of Node.js installed.

Using yarn instead of npm is recommended. Please see the Yarn install guide if you do not have it already.

  1. Install or update node.js so that your node is at least the current recommended LTS.
  2. Install yarn if not present already.
  3. Clone the repo: git clone https://github.com/quali-chat/quali-chat-web.git.
  4. Switch to the quali-chat-web directory: cd quali-chat-web.
  5. Install the prerequisites: yarn install.
    • If you're using the develop branch, then it is recommended to set up a proper development environment (see Setting up a dev environment below)
  6. Configure the app by copying config.sample.json to config.json and modifying it. See the configuration docs for details.
  7. yarn dist to build a tarball to deploy. Untaring this file will give a version-specific directory containing all the files that need to go on your web server.

Note that yarn dist is not supported on Windows, so Windows users can run yarn build, which will build all the necessary files into the webapp directory. The version of quali.chat web will not appear in Settings without using the dist script. You can then mount the webapp directory on your web server to actually serve up the app, which is entirely static content.

config.json

quali.chat supports a variety of settings to configure default servers, behaviour, themes, etc. See the configuration docs for more details.

Labs Features

Some features of quali.chat may be enabled by flags in the Labs section of the settings. Some of these features are described in labs.md.

Caching requirements

quali.chat requires the following URLs not to be cached, when/if you are serving quali.chat from your own webserver:

/config.*.json
/i18n
/home
/sites
/index.html

We also recommend that you force browsers to re-validate any cached copy of quali.chat on page load by configuring your webserver to return Cache-Control: no-cache for /. This ensures the browser will fetch a new version of quali.chat on the next page load after it's been deployed. Note that this is already configured for you in the nginx config of our Dockerfile.

Development

Please read through the following:

  1. Developer guide
  2. Code style
  3. Contribution guide

Translations

To add a new translation, head to the translating doc.

For a developer guide, see the translating dev doc.

Copyright & License

Copyright (c) 2014-2017 OpenMarket Ltd.
Copyright (c) 2017 Vector Creations Ltd.
Copyright (c) 2017-2025 New Vector Ltd.
Copyright (c) 2025 Keypair Establishment.

This fork is a customized version of Element Web, rebranded and modified as quali.chat web by Keypair Establishment and licensed under the GNU Affero General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version).

Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.

About

quali.chat Web Client

quali.chat

Resources

Readme

License

GPL-3.0 and 3 other licenses found

Licenses found

GPL-3.0
LICENSE
AGPL-3.0
LICENSE-AGPL-3.0
Unknown
LICENSE-COMMERCIAL
GPL-3.0
LICENSE-GPL-3.0

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 92.1%
  • CSS 5.8%
  • JavaScript 1.1%
  • HTML 0.7%
  • Python 0.1%
  • Shell 0.1%
  • Other 0.1%