archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MSC3550: Allow HTTP 403 as a response to profile lookups (#3550)

Browse Source 
* add 403 proposal

* add msc number to file and filename

* correctly use markdown

* requested changes

* add links

* specify error code

* Update proposals/3550-allow-403-response-profile-lookup.md

Co-authored-by: Travis Ralston <travisr@matrix.org>

* fix formatting typo

Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
pull/3587/merge
Shay 2 years ago committed by GitHub
parent 87fcb7c8b0
commit 3ce9c1d288
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File

31
proposals/3550-allow-403-response-profile-lookup.md
Unescape Escape View File

@ -0,0 +1,31 @@
# MSC3550: Add HTTP 403 to possible profile lookup responses
# Background
In the current spec, the only response codes listed for [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
respond to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid) with an HTTP 403.
For example, Synapse can be configured to behave in this way by setting:
```
allow_profile_lookup_over_federation=false
```
Thus, this behavior already exists in Synapse, and may cause issues for
clients such as [vector-im/element-web#17269](https://github.com/vector-im/element-web/issues/17269).
# Proposal
The proposal is to allow HTTP 403 as an option for responding to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
requests. Allowing HTTP 403 gives clients more specific information as to why a request has
failed, thus enabling more precise error handling. The 403 would be accompanied by an
`M_FORBIDDEN` error code.
# Potential Issues
The change to the spec may conflict with other existing server implementations.
# Alternatives
The spec could remain as-is and Synapse could alter its current behavior and return an HTTP
404 rather than 403 in this case.
# Security Considerations
None at this time.
Write Preview
Loading…
Cancel
Save