Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Behaviour of allow_remote on media endpoints is unclear #1767

Open
deepbluev7 opened this issue Mar 22, 2024 · 1 comment
Open

Behaviour of allow_remote on media endpoints is unclear #1767

deepbluev7 opened this issue Mar 22, 2024 · 1 comment
Labels
A-Client-Server Issues affecting the CS API clarification An area where the expected behaviour is understood, but the spec could do with being more explicit good first issue This is a fix that might be an easy place for someone to start for their first contribution

Comments

@deepbluev7
Copy link
Contributor

Link to problem area:

https://spec.matrix.org/v1.10/client-server-api/#get_matrixmediav3downloadservernamemediaid

Issue

The spec says for allow_remote:

Indicates to the server that it should not attempt to fetch the media if it is deemed remote. This is to prevent routing loops where the server contacts itself. Defaults to true if not provided.

This is interpreted by some people, that cached remote media should be returned. (That however would leak data about what media has been viewed by users on that server.)

The matrix-media-repo project implements the behaviour like that.

However Synapse doesn't return ANY remote media, if allow_remote is false: https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/synapse/rest/media/download_resource.py#L83

Conduit seems to follow what the matrix-media-repo does: https://gitlab.com/famedly/conduit/-/blob/b11855e7a1fc00074a13f9d1b9ab04462931332f/src/api/client_server/media.rs#L113

Dendrite seems to follow Synapse's behaviour: https://github.com/matrix-org/dendrite/blob/b9abbf7b20b4faaffe754c4a1ea4d5f0e7bd72b9/mediaapi/routing/routing.go#L146

While in general this difference doesn't cause problems, since servers usually only ask the original server about the media (by checking the server name in the media id), if a client wants to check if a media is already stored on the server, it would not be able to do so. However, being able to verify the existence of remote media on a server does expose some data about what users on that server have looked at. Synapse's behaviour is better from a data minimalism perspective in that case.
@deepbluev7 deepbluev7 added the clarification An area where the expected behaviour is understood, but the spec could do with being more explicit label Mar 22, 2024
@turt2live turt2live added the A-Client-Server Issues affecting the CS API label Mar 22, 2024
@richvdh richvdh changed the title allow_remote on media endpoints is interpreted differently Behaviour of allow_remote on media endpoints is unclear Mar 25, 2024
@richvdh
Copy link
Member

richvdh commented Mar 25, 2024

Agreed, this could be clarified. And for the reasons you suggest, this seems like a bug in Conduit and m-m-r.

@richvdh richvdh added the good first issue This is a fix that might be an easy place for someone to start for their first contribution label Apr 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Client-Server Issues affecting the CS API clarification An area where the expected behaviour is understood, but the spec could do with being more explicit good first issue This is a fix that might be an easy place for someone to start for their first contribution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@turt2live @richvdh @deepbluev7