From 1a6a0e4734390f8eb75d2d15ffb45618998b9833 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Thu, 6 May 2021 13:49:22 -0500 Subject: [PATCH] Remove change from FAIL_PROMPT to IGNORE Signed-off-by: Aaron Raimist --- proposals/2499-client-well-known-fixes.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/proposals/2499-client-well-known-fixes.md b/proposals/2499-client-well-known-fixes.md index 3fc44c9bd..8bc9de56a 100644 --- a/proposals/2499-client-well-known-fixes.md +++ b/proposals/2499-client-well-known-fixes.md @@ -17,19 +17,6 @@ the client or server should follow HTTP 301, 302, 303, 307, and 308 redirects up SHOULD be `application/json` however it should be assumed to be JSON regardless of Content-Type. This is consistent with the Server-Server API. -1. The Client-Server spec for looking up `/.well-known/matrix/client` currently states, in part: - - > 3․ Make a GET request to https://hostname/.well-known/matrix/client.
- >> a․ If the returned status code is 404, then `IGNORE`.
- >> b․ If the returned status code is not 200, or the response body is empty, then `FAIL_PROMPT`. - - In practice most web servers do not add CORS headers on 404 errors by default. Therefore - web based clients cannot always determine if the status code is 404. Step 3b should be - changed from `FAIL_PROMPT` to `IGNORE` so that a non 200 response is treated in the same - way as 404. This change is intended to fix issues like https://github.com/vector-im/riot-web/issues/7875. - - This change does have potential security concerns, see https://github.com/vector-im/riot-web/issues/11136. - 1. Step 3f in the Client-Server well-known flow should be changed to use the modern `/_matrix/identity/v2` API to validate the identity server rather than the deprecated `/_matrix/identity/api/v1`.
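Review bot: The removed item on step 3b is deleted without leaving any record of why, and the commit message ("Remove change from FAIL_PROMPT to IGNORE") gives no reason either. The deleted text carried two things worth keeping: the problem statement (most web servers do not add CORS headers on 404 responses, so web-based clients cannot always tell a 404 from another failure, per riot-web issue 7875) and the pointer to the security concerns in riot-web issue 11136. With both gone, the proposal no longer says that treating every non-200 response as `IGNORE` was considered and dropped, and the CORS-on-404 problem is left with no stated resolution. Suggest keeping a short note in the proposal saying the 3b change was withdrawn and linking both issues, or stating the reason in the commit message, so that a later reader does not reintroduce the change without seeing the security discussion.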