Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Federation requests must be for local users. #1672

Merged
merged 3 commits into from Nov 14, 2023
Merged

Federation requests must be for local users. #1672

merged 3 commits into from Nov 14, 2023

Conversation

clokep
Copy link
Contributor

@clokep clokep commented Nov 8, 2023
edited by github-actions bot

This is already mentioned for /user/devices, but is not mentioned for /query/profile, /user/keys/claim, or /user/keys/query.

See GHSA-mp92-3jfm-3575 for an issue found with this in Synapse.

@turt2live suggested this be a spec clarification as opposed to an MSC. I didn't spec what a homeserver should do in this case, although it is my opinion that the invalid requests should be rejected outright.

Preview: https://pr1672--matrix-spec-previews.netlify.app

@clokep clokep marked this pull request as ready for review November 8, 2023 16:08
@clokep clokep requested a review from a team as a code owner November 8, 2023 16:08
richvdh
richvdh approved these changes Nov 14, 2023
View reviewed changes
data/api/server-server/query.yaml
@@ -121,7 +121,7 @@ paths:
parameters:
- in: query
name: user_id
description: The user ID to query.
description: The user ID to query. Must be a user local to the receiving homeserver.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is already mentioned in the description. I suppose there is no harm in repeating it.

@richvdh richvdh merged commit 161a4a2 into matrix-org:main Nov 14, 2023
12 checks passed
@clokep clokep deleted the reject-invalidate-fed-requests branch November 14, 2023 16:26
@clokep
Copy link
Contributor Author

clokep commented Nov 14, 2023

Thanks for the review! 🎉

@zecakeh zecakeh mentioned this pull request Nov 30, 2023
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@clokep @richvdh