Add HTTP 403 to possible profile responses

Some servers may not allow profile lookup over federation, and thus respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403. For example, Synapse can be configured to behave in this way by setting: allow_profile_lookup_over_federation=false Thus, this behavior already exists in the wild, and may cause issues for clients such as element-hq/element-web#17269. Synapse could alter its behavior and return an HTTP 404 in these cases, but amending the Spec seems preferable to align with extant behavior. Further, allowing HTTP 403 gives clients more specific information as to why a request has failed, enabling more precise error handling. Signed-off-by: Dan Callahan <danc@element.io>
matrix-org · Nov 25, 2021 · ff7f02d · ff7f02d
1 parent dce06f6
commit ff7f02d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/changelogs/client_server/newsfragments/3530.clarification b/changelogs/client_server/newsfragments/3530.clarification
@@ -0,0 +1 @@
+Document that servers may respond with an HTTP 403 to GET /_matrix/client/v3/profile/{userId}.
diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml
@@ -211,6 +211,8 @@ paths:
               displayname:
                 type: string
                 description: The user's display name if they have set one, otherwise not present.
+        403:
+          description: The server is unwilling to disclose whether the user exists and/or has profile information.
         404:
           description: There is no profile information for this user or this user does not exist.
       tags: