From 6f833502b0694946a406e6cc19238e4374d8b62a Mon Sep 17 00:00:00 2001 From: Helix K Date: Wed, 22 Apr 2026 12:58:57 -0500 Subject: [PATCH 1/2] Specify MSC4418: Make `destination` a required server authentication field --- content/server-server-api.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/content/server-server-api.md b/content/server-server-api.md index 9dda3396..a11af8be 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -375,11 +375,10 @@ The authorization parameters to include are: `origin` field from JSON described in step 1. - `destination`: {{% added-in v="1.3" %}} the server name of the receiving server. This is the same as the `destination` field from the JSON described - in step 1. For compatibility with older servers, recipients should accept - requests without this parameter, but MUST always send it. If this property - is included, but the value does not match the receiving server's name, the + in step 1. If the value does not match the receiving server's name, the receiving server must deny the request with an HTTP status code 401 Unauthorized. + {{% changed-in v="1.19" %}} This field is now required. - `key`: the ID, including the algorithm name, of the sending server's key used to sign the request. - `signature`: the signature of the JSON as calculated in step 1. From 118f712af3e3cf8bdcc3912a40cf35314201bd8f Mon Sep 17 00:00:00 2001 From: Helix K Date: Wed, 22 Apr 2026 13:09:32 -0500 Subject: [PATCH 2/2] newsfragment --- changelogs/server_server/newsfragments/2360.breaking | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/server_server/newsfragments/2360.breaking diff --git a/changelogs/server_server/newsfragments/2360.breaking b/changelogs/server_server/newsfragments/2360.breaking new file mode 100644 index 00000000..f2a3cc90 --- /dev/null +++ b/changelogs/server_server/newsfragments/2360.breaking @@ -0,0 +1 @@ +Require the `destination` field in server-to-server authentication. Contributed by @velikopter. \ No newline at end of file