mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-07-02 12:17:47 +02:00
Clarify allowed characters in mxc:// URIs
The security considerations section already has this MUST, but people often don't look that far. Signed-off-by: Tulir Asokan <tulir@maunium.net>
This commit is contained in:
parent
59b92ce9e6
commit
c5a4c0a1c8
|
|
@ -0,0 +1 @@
|
||||||
|
Clarify allowed characters in `mxc://` URIs.
|
||||||
|
|
@ -40,6 +40,10 @@ mxc://<server-name>/<media-id>
|
||||||
<media-id> : An opaque ID which identifies the content.
|
<media-id> : An opaque ID which identifies the content.
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The `media-id` segment MUST consist of only alphanumeric (`A-Za-z0-9`), `_` and
|
||||||
|
`-` characters. See the [security considerations](#content-repo-security-considerations)
|
||||||
|
section below for more details.
|
||||||
|
|
||||||
#### Client behaviour {id="content-repo-client-behaviour"}
|
#### Client behaviour {id="content-repo-client-behaviour"}
|
||||||
|
|
||||||
Clients can access the content repository using the following endpoints.
|
Clients can access the content repository using the following endpoints.
|
||||||
|
|
@ -125,7 +129,7 @@ Servers MUST NOT upscale thumbnails under any circumstance. Servers MUST
|
||||||
NOT return a smaller thumbnail than requested, unless the original
|
NOT return a smaller thumbnail than requested, unless the original
|
||||||
content makes that impossible.
|
content makes that impossible.
|
||||||
|
|
||||||
#### Security considerations
|
#### Security considerations {id="content-repo-security-considerations"}
|
||||||
|
|
||||||
The HTTP GET endpoint does not require any authentication. Knowing the
|
The HTTP GET endpoint does not require any authentication. Knowing the
|
||||||
URL of the content is sufficient to retrieve the content, even if the
|
URL of the content is sufficient to retrieve the content, even if the
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue