From 8f22b671f031dbcccb837c84c734494bf941bc71 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 26 May 2026 12:46:23 -0600 Subject: [PATCH] Remind servers that they shouldn't overwrite signatures with those from a policy server --- data/api/server-server/room_policy.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/data/api/server-server/room_policy.yaml b/data/api/server-server/room_policy.yaml index 4f9634cf..a46b353f 100644 --- a/data/api/server-server/room_policy.yaml +++ b/data/api/server-server/room_policy.yaml @@ -41,6 +41,12 @@ paths: What the Policy Server checks for when calling this endpoint is left as an implementation detail. + + {{% boxes/warning %}} + The policy server name might be the same as the event's origin, and therefore the event might + have existing signatures. Those existing signatures might not be returned by the policy server, + but should be retained to validate the event. + {{% /boxes/warning %}} operationId: askPolicyServerToSign security: - signedRequest: []