Spec for MSC4402: Consistent redirects for .well-known-files

Signed-off-by: Hagen Echzell <hagene@uio.no>
This commit is contained in:
Hagen Echzell 2026-06-22 15:33:31 +02:00
parent 9e06ec46d4
commit c796f35280
No known key found for this signature in database
2 changed files with 9 additions and 2 deletions

View file

@ -429,6 +429,7 @@ Instead, they can be reached via HTTPS on the [server name](/appendices/#server-
Servers hosting the `.well-known` JSON file SHOULD offer CORS headers,
as per the [CORS](#web-browser-clients) section in this specification.
Servers SHOULD also ensure that each 30x redirect, if any, offers such CORS headers.
{{% /boxes/note %}}
The flow for auto-discovery is as follows:
@ -436,7 +437,8 @@ The flow for auto-discovery is as follows:
1. Extract the [server name](/appendices/#server-name) from the user's Matrix ID by splitting the
Matrix ID at the first colon.
2. Extract the hostname from the server name as described by the [grammar](/appendices/#server-name).
3. Make a GET request to `https://hostname/.well-known/matrix/client`.
3. Make a GET request to `https://hostname/.well-known/matrix/client`. 30x redirects should be followed,
however redirection loops should be avoided.
1. If the returned status code is 404, then `IGNORE`.
2. If the returned status code is not 200, or the response body is
empty, then `FAIL_PROMPT`.

View file

@ -1,4 +1,5 @@
# Copyright 2018 New Vector Ltd
# Copyright 2026 Hagen Echzell
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -20,7 +21,11 @@ paths:
get:
summary: Gets Matrix server discovery information about the domain.
description: |-
Gets discovery information about the domain. The file may include
Gets discovery information about the domain. Clients should follow 30x
redirects, carefully avoiding redirect loops, and use normal X.509
certificate validation.
The file may include
additional keys, which MUST follow the Java package naming convention,
e.g. `com.example.myapp.property`. This ensures property names are
suitably namespaced for each application and reduces the risk of