MSC2931: Allow widgets to navigate with matrix.to URIs #2931
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| # MSC2931: Widget navigate permission | ||
|
|
||
| [Widgets](https://github.com/matrix-org/matrix-doc/pull/2764) currently have some capability to | ||
| affect how a client operates, though given the embedded nature of widgets it is desirable to have | ||
| even more functionality. | ||
|
|
||
| Widgets are currently expected to have significantly increased interaction with the client (as shown | ||
| by [MSC2762 - Send/receive events](https://github.com/matrix-org/matrix-doc/pull/2762) and | ||
| [MSC2876 - Read events](https://github.com/matrix-org/matrix-doc/pull/2876)), and as such it's a | ||
| natural extension to give widgets an option to route the user to another room or visit a permalink. | ||
| This sort of extension would be useful for directing support queries to the right room, or implementing | ||
| scoreboard widgets for polls/messages in a room with permalinks to the messages. | ||
|
|
||
| ## Proposal | ||
|
|
||
| A new capability, `m.navigate`, is introduced to gate a `navigate` request/response over the widget API. | ||
| The `navigate` action takes one parameter, `uri`, in its `data` - this is the matrix.to (or in future | ||
| Matrix URI scheme) URI the client should honour. The request is acknowledged with an empty response body. | ||
|
Member
There was a problem hiding this comment. Matrix URIs are already in the spec and the navigation in question is specifically for Matrix clients - I don't see a reason why Matrix URIs should not be the recommended form now, not in the future (and yes that means that Element Web should finally catch up and parse them).
Member
Author
There was a problem hiding this comment. This MSC was last updated over a year ago. |
||
|
|
||
| Example request, using the standardized format: | ||
|
|
||
| ```json5 | ||
| { | ||
| "api": "fromWidget", | ||
| "widgetId": "20200827_WidgetExample", | ||
| "requestid": "generated-id-1234", | ||
| "action": "navigate", | ||
| "data": { | ||
| "uri": "https://matrix.to/#/!room:example.org/$event?via=example.org" | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| Example response: | ||
|
|
||
| *Note*: A standardized response is a complete copy of the request with an added `response` field. In | ||
| this case, the response is just an acknowledgement of receipt and is thus empty. | ||
|
|
||
| ```json5 | ||
| { | ||
| "api": "fromWidget", | ||
| "widgetId": "20200827_WidgetExample", | ||
| "requestid": "generated-id-1234", | ||
| "action": "navigate", | ||
| "data": { | ||
| "uri": "https://matrix.to/#/!room:example.org/$event?via=example.org" | ||
| }, | ||
| "response": {} | ||
| } | ||
| ``` | ||
|
|
||
| As with all capabilities, clients SHOULD prompt the user to approve the widget's use of the navigate | ||
|
Contributor
There was a problem hiding this comment. We talked about this a bit on #3662, but it would be good to have an intention included with the action. E.g. For userIds, I might want to direct the client to either invite the user to my current room OR start a new chat with the user. I'd slightly be more in favor of a key
Member
Author
There was a problem hiding this comment. Actions are described by the URL format already in the spec - this MSC doesn't change that.
Contributor
There was a problem hiding this comment. Where? (I had a look, couldn't spot them)
Member
Author
There was a problem hiding this comment. https://spec.matrix.org/unstable/appendices/#uris - they are formally specified on |
||
| action before allowing it. The navigate action is only valid once the session has been established | ||
| (after capabilities are exchanged, essentially). | ||
|
|
||
| The client can reject a widget's navigate action, even if approved by the capability, on any grounds | ||
| it deems reasonable such as considering permalinks to other rooms being too great of a security risk. | ||
| This is done with the standardized error response. Clients should reject the request if they don't | ||
| support the feature at all, such as navigating to user profiles. | ||
|
|
||
| ## Potential issues | ||
|
|
||
| This might be giving widgets too much power or helping set a precedent that widgets should have | ||
| tightly integrated features with the client. Ideally, widgets gain more power without sacrificing | ||
| privacy and security - the capabilities system is meant to prevent this. | ||
|
|
||
| ## Alternatives | ||
|
|
||
| None appear relevant. The idea here is to be as supportive as possible using existing technologies. | ||
| [Prior work](https://github.com/matrix-org/matrix-react-sdk/pull/5385) in this area has been done in | ||
| Element Web by limiting the request to only viewing rooms - since that work it's become apparent that | ||
| more general handling of matrix.to links is needed, and the security risk is less concerning now that | ||
| the feature has been used in practice. | ||
|
|
||
| ## Security considerations | ||
|
|
||
| Widgets can do all sorts of things like spam the client with requests to navigate somewhere or direct | ||
| the user to an abusive room/user/event - clients are expected to handle rate limiting, and the abusive | ||
| content direction is generally considered a social problem rather than a technical one for this MSC. | ||
| Widgets should only be added by trusted members of a room (moderators and admins, typically) and thus | ||
| is is generally expected that one wouldn't add this variety of malicious widget to a room. Other attacks | ||
| of a similar nature are made irrelevant by the same argument. | ||
|
|
||
| ## Unstable prefix | ||
|
|
||
| Implementations should use `org.matrix.msc2931.navigate` as the capability and action while this MSC | ||
| is not in a released version of the spec. Implementations should also look for/expose `org.matrix.msc2931` | ||
| as a supported version over the Widget API. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Navigation feels a bit too tightly defined here, there are more use cases than navigation for sharing a matrix URI with the client. This could be made more generic (and therefore more useful) to simply have this API be a URI sharing mechanism (
"action":"share") and then include the intent ofnavigate.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This MSC is intended to instruct the client to do something with the uri, not to just be a permalink handler. "Handle" and "route" felt far too generic, so navigate was chosen similar to how the browser navigates to a URL which might result in a desktop application being opened instead.