Add submit_url field to requestToken responses, clarify HS's can send tokens themselves #2101
Conversation
* master: Update example Fix 404s in links from room v1 spec Provide a more complete example of a "minimally-sized event" Revert signature change for redactable event test Clarify how many PDUs are in a given transaction object Clarify that the server shouldn't process retries for UIA Clarify when authorization and rate-limiting are not applicable Skip over partial event definitions in examples Rename example to invite_room_state Shorten references to StrippedState in s2s spec Fix examples of StrippedState in s2s spec Clarify exactly what StrippedState is Clarify that UIA stages cannot be attempted twice Fix test vectors with invalid JSON and signature Spec 3PID unbind API Spec MSISDN UIA support
|
Odd that the added section has an increase line spacing height. Is this due to having multiple paragraphs perhaps? |
|
I wouldn't worry too much about the line height tbh - it's almost certainly because of the paragraphs, but I think we can fix that with css on Monday if we care (I don't, at least not enough to rush in a fix). |
There was a problem hiding this comment.
I haven't done a review for accuracy - that probably needs an identity person. I have done a structural review though.
Because the same information is repeated several times, I stopped pointing out duplicate comments about halfway through - the feedback applies to more than what's pointed out.
|
@dbkr could you be an identity person and check this PR for accuracy? |
There was a problem hiding this comment.
More structural concerns to be addressed.
This PR also needs to address #2030 (comment) - the proposal should also mention this.
Also: Please resolve comment threads once the related concern is addressed. They do not auto-close.
There was a problem hiding this comment.
and a changelog, highlighting the breaking change (see #2078 (comment) )
Co-Authored-By: Travis Ralston <travpc@gmail.com>
There was a problem hiding this comment.
Last request: please link to the implementation in the PR description as proof this works in practice.
otherwise lgtm, thanks for suffering my nitpicking editor hat. I would recommend a checkmark from an identity person, but I believe this accurately represents the proposal and implementation.
|
Thanks for sticking with me on it! I've requested a final review from @dbkr as an 'identity person'. |
|
also may be a good idea to add a few red flags to the impl proof just in case someone copies it with the vuln. |
|
have added yelling to the PR description of matrix-org/synapse#5377 |
The spec implementation of MSC2078.
Implementation proof: matrix-org/synapse#5377