From a0f4a9aa87492f01bf5187ee2683cfae46878fd9 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 27 May 2026 15:20:17 -0600 Subject: [PATCH] Remind servers that they shouldn't overwrite signatures with those from a policy server (#2385) * Remind servers that they shouldn't overwrite signatures with those from a policy server * changelog --- changelogs/server_server/newsfragments/2385.clarification | 1 + data/api/server-server/room_policy.yaml | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 changelogs/server_server/newsfragments/2385.clarification diff --git a/changelogs/server_server/newsfragments/2385.clarification b/changelogs/server_server/newsfragments/2385.clarification new file mode 100644 index 00000000..062fccc9 --- /dev/null +++ b/changelogs/server_server/newsfragments/2385.clarification @@ -0,0 +1 @@ +Clarify that policy servers might share a name with event origins, and that servers should avoid overwriting/discarding signatures for the event origin when getting a policy server signature. \ No newline at end of file diff --git a/data/api/server-server/room_policy.yaml b/data/api/server-server/room_policy.yaml index 4f9634cf..a46b353f 100644 --- a/data/api/server-server/room_policy.yaml +++ b/data/api/server-server/room_policy.yaml @@ -41,6 +41,12 @@ paths: What the Policy Server checks for when calling this endpoint is left as an implementation detail. + + {{% boxes/warning %}} + The policy server name might be the same as the event's origin, and therefore the event might + have existing signatures. Those existing signatures might not be returned by the policy server, + but should be retained to validate the event. + {{% /boxes/warning %}} operationId: askPolicyServerToSign security: - signedRequest: []