Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4170: 403 error responses for profile APIs #4170

Merged
merged 20 commits into from
Oct 7, 2024
Merged
Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Clarify that this proposal won't solve the public room problem
Johennes committed Aug 7, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit c1aafd8432ea278708fd5fb72da7f948d1816019
8 changes: 6 additions & 2 deletions proposals/4170-profile-403.md
richvdh marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -61,7 +61,7 @@
- [`GET /_matrix/client/v3/profile/{userId}/displayname`]

homeservers MUST at a minimum allow profile look-up for users that either share a room
with the requester or reside in a public room known to the homeserver[^3]. In all other
with the requester or reside in a public[^3] room known to the homeserver[^4]. In all other
cases, homeservers MAY deny profile look-up by responding with 403 `M_FORBIDDEN`.
Johennes marked this conversation as resolved.
Show resolved Hide resolved

If a remote user is queried through the client-server endpoints and the query is not
@@ -103,7 +103,11 @@

[^1]: https://github.com/element-hq/synapse/commit/c0e0740bef0db661abce352afaf6c958e276f11d
[^2]: https://github.com/matrix-org/synapse/pull/9203/files#diff-2f70c35b9dd342bfdaaed445847e0ccabbad63aa9a208d80d38fb248cbf57602L311
[^3]: This matches the existing requirements for [`POST /_matrix/client/v3/user_directory/search`].
[^3]: As stated in https://github.com/matrix-org/matrix-spec/issues/633, the spec currently
doesn't cleary define what a public room is. This proposal does not aim to solve this

Check warning on line 107 in proposals/4170-profile-403.md

GitHub Actions / Spell Check with Typos

"cleary" should be "clearly".
problem and instead only requires that the user directory and profile APIs use the same
definition.
[^4]: This matches the existing requirements for [`POST /_matrix/client/v3/user_directory/search`].
Johennes marked this conversation as resolved.
Show resolved Hide resolved

[`GET /_matrix/client/v3/profile/{userId}`]: https://spec.matrix.org/v1.11/client-server-api/#get_matrixclientv3profileuserid
[`GET /_matrix/client/v3/profile/{userId}/avatar_url`]: https://spec.matrix.org/v1.11/client-server-api/#get_matrixclientv3profileuseridavatar_url