Limit which clients are allowed to send read receipts without a body #11156
Comments
callahad
added
P3
|
Go for it! |
|
Ah, thanks! I deleted my comment because I was reading through the comments of some other issues and I got confused about how assigning works (or lack thereof) but I'll work on this. |
|
I think @callahad omitted to mention that the user agent should contain At least a few months ago, modern iOS clients still send |
|
@reivilibre So should the code allow empty body read receipts for any user agent containing |
The latter: we only want to target this hack/workaround at old Android clients. I've updated @callahad's description to try to reflect this. Hopefully that's clearer, shout if not! |
The Matrix Spec requires that requests to
POST /rooms/{roomId}/receipt/{receiptType}/{eventId}have a body, even if it's just{}. Unfortunately, older Element Android clients omitted this and sent empty bodies instead.We worked around this in #10531, but we'd like to eventually remove the workaround per #10534.
To prevent the problem from getting worse, we should limit the scope of the workaround to only apply to known bad clients.
Specifically, instead of unconditionally setting
allow_empty_body=Truehere:synapse/synapse/rest/client/receipts.py
Line 55 in ba00e20
We should only set it to
Trueif the result ofget_request_user_agent(request)containsAndroidand satisfies one of the following:Riot(e.g.,Old Riot.im,Riot,RiotX,Element (Riot.im))Element/1.[012].*SchildiChat/1.[012].*(This will unnecessarily allow all Element 1.2.x releases to send empty bodies, instead of just versions < 1.2.1, but doing so really simplifies the glob, and we know that 1.2.1 and later are well behaved, so no harm done.)
The text was updated successfully, but these errors were encountered: