Add spec for MSC4163: Make ACLs apply to EDUs #2004

Merged
merged 8 commits into from
Dec 11, 2024
1 change: 1 addition & 0 deletions changelogs/server_server/newsfragments/2004.feature
@@ -0,0 +1 @@
Make ACLs apply to EDUs as per [MSC4163](https://github.com/matrix-org/matrix-spec-proposals/pull/4163).
17 changes: 16 additions & 1 deletion content/server-server-api.md
Expand Up @@ -1228,7 +1228,6 @@ of `M_FORBIDDEN`.

The following endpoint prefixes MUST be protected:

- `/_matrix/federation/v1/send` (on a per-PDU basis)
Contributor Author

I moved this down in order to detail the behaviour of the endpoint and because the description above with HTTP 403 and errcode cannot actually be applied to it.

- `/_matrix/federation/v1/make_join`
- `/_matrix/federation/v1/make_leave`
- `/_matrix/federation/v1/send_join`
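
Review bot: with the `/_matrix/federation/v1/send` bullet removed from this list, the reason it no longer belongs here (the `M_FORBIDDEN` response described just above the list cannot be applied to a transaction) is recorded only in the review comment, not in the spec text. Consider adding a sentence to the section saying that a transaction from a denied server is not rejected as a whole and that only the affected PDUs and EDUs are dropped, so implementers do not have to infer it from the list's absence of `/send`.
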
Expand All @@ -1245,6 +1244,22 @@ The following endpoint prefixes MUST be protected:
- `/_matrix/federation/v1/event_auth`
- `/_matrix/federation/v1/get_missing_events`

Additionally the [`/_matrix/federation/v1/send/{txnId}`](#put_matrixfederationv1sendtxnid)
endpoint MUST be protected as follows:

- ACLs MUST be applied to all PDUs on a per-PDU basis. If the sending
server is denied access to the room identified by `room_id`, the PDU
MUST be ignored with an appropriate error included in the response
for the respective event ID.
- ACLs MUST be applied to all EDUs that are local to a specific room:

- For [typing notifications (`m.typing`)](#typing-notifications), if
the sending server is denied access to the room identified by
`room_id`, the EDU MUST be ignored.
- For [receipts (`m.receipt`)](#receipts), all receipts for a particular
room ID MUST be ignored if the sending server is denied access to
the room identified by that ID.

## Signing Events

Signing events is complicated by the fact that servers can choose to
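
Review bot: the bullet "ACLs MUST be applied to all EDUs that are local to a specific room" reads as a general rule, but only `m.typing` and `m.receipt` are enumerated beneath it, so it is unclear whether the list is exhaustive or illustrative. An implementation that filters only those two types would let any other room-scoped EDU from a denied server through; please state either that these are the only EDU types covered or that any EDU carrying a room ID is subject to the room's ACLs. The PDU bullet also says how the rejection is reported ("an appropriate error included in the response for the respective event ID"), while the EDU bullets say only "MUST be ignored"; a short note that ignored EDUs are dropped without any entry in the response would remove the asymmetry.
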