Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-28 22:14:10 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

MSC4163: Make ACLs apply to EDUs

Browse source 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
This commit is contained in:
Johannes Marbach 2024-11-19 10:46:59 +01:00
parent c5d7eb7a2d
commit 727d527d8b
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
content/server-server-api.md
View file

@ -1228,7 +1228,6 @@ of `M_FORBIDDEN`.
The following endpoint prefixes MUST be protected:
- `/_matrix/federation/v1/send` (on a per-PDU basis)
- `/_matrix/federation/v1/make_join`
- `/_matrix/federation/v1/make_leave`
- `/_matrix/federation/v1/send_join`
@ -1245,6 +1244,22 @@ The following endpoint prefixes MUST be protected:
- `/_matrix/federation/v1/event_auth`
- `/_matrix/federation/v1/get_missing_events`
Additionally the [`/_matrix/federation/v1/send/{txnId}`](#put_matrixfederationv1sendtxnid)
endpoint MUST be protected as follows:
- ACLs MUST be applied on a per-PDU basis. If the `origin` server is
denied access to the room identified by `room_id`, the PDU MUST be
ignored with an appropriate error included in the response for the
respective event ID.
- ACLs MUST be applied on a per-EDU basis to all EDUs that are local
to a specific room. This includes:
- [Typing notifications (m.typing)](#typing-notifications)
- [Receipts (m.receipt)](#receipts)
If the `origin` server is denied access to the room identified by
`room_id`, the EDU MUST be ignored.
## Signing Events
Signing events is complicated by the fact that servers can choose to