This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
peeking doesn't work over federation #4236
Labels:
A-Spec-Compliance: places where synapse does not conform to the spec
O-Occasional: Affects or can be seen by some users regularly or most users rarely
S-Minor: Blocks non-critical functionality, workarounds exist.
T-Defect: Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
T-Enhancement: New features, changes in functionality, improvements in performance, or user-facing enhancements.
The specification states in 13.12
It goes on to say:
Exhibited Behavior
Synapse denies world_readable information by imposing a condition which checks if the requesting server has at least one user joined to the room. It responds with the error:
This is not world_readable as specified. This check occurs on all relevant federation endpoints, making it impossible to access information about a room without joining at least one user. This exhibits a shared rather than world_readable visibility.
Proper Behavior
Synapse should not care whether a requesting server is joined to a room when it attempts to elicit information for events covered by a world_readable visibility state.
Conclusion
As the reference implementation for the specification, this is a problem. Either this is an implementation error by synapse or this is an omission by the written specification. Should server implementations follow suit with synapse de facto or should they follow the specification de jure in contrast with it?
Furthermore, if this condition was implemented to mitigate a security vulnerability, spam or DoS vector, or even a performance problem: other implementations will surely fall victim to it, and the specification should not blindly lead them into doing so. In contrast, if a server developer believes the preceding statement might be true because this discrepancy merely exists, when it is not true, they will degrade the functionality of their server for no reason.
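The two access decisions this issue contrasts, modelled as an added Python example; it is not Synapse's code and not part of the original report. `Room`, `described_check`, `spec_reading_check`, `compare` and the server names are hypothetical, and gating every non-world_readable room on server membership is a simplifying assumption.

```python
from dataclasses import dataclass, field

# The four m.room.history_visibility values defined by the Matrix spec.
HISTORY_VISIBILITIES = ("world_readable", "shared", "invited", "joined")


@dataclass
class Room:
    history_visibility: str
    joined_users: set = field(default_factory=set)  # constructed IDs, "@user:server"

    def __post_init__(self):
        if self.history_visibility not in HISTORY_VISIBILITIES:
            raise ValueError(f"unknown visibility: {self.history_visibility}")

    def server_in_room(self, server: str) -> bool:
        # A server is "in the room" if at least one of its users is joined.
        return any(u.split(":", 1)[1] == server for u in self.joined_users)


def described_check(room: Room, server: str) -> bool:
    """Behaviour the issue reports: the membership gate runs first,
    so history visibility is never consulted for a non-joined server."""
    return room.server_in_room(server)


def spec_reading_check(room: Room, server: str) -> bool:
    """Reading the issue argues for: world_readable needs no membership."""
    if room.history_visibility == "world_readable":
        return True
    # Assumption for this example: other visibilities stay membership-gated.
    return room.server_in_room(server)


def compare(joined_users, servers):
    """Return {visibility: {server: (described, spec_reading)}}."""
    table = {}
    for vis in ("world_readable", "shared"):
        room = Room(vis, set(joined_users))
        table[vis] = {
            s: (described_check(room, s), spec_reading_check(room, s))
            for s in servers
        }
    return table


if __name__ == "__main__":
    # Constructed sample: only a.example has a joined user.
    for vis, row in compare({"@alice:a.example"}, ["a.example", "b.example"]).items():
        print(vis, row)
```

Under `described_check` the `world_readable` and `shared` rows are identical for every server, which is the collapse the report describes; only `spec_reading_check` distinguishes them for a server with no joined user.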