From 40538c16f1ea8e51b296ac9e299cce4adaf388eb Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Mon, 18 Nov 2024 16:11:04 -0700 Subject: [PATCH] it's an implementation detail to decide when to error --- proposals/4228-search-redirection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/4228-search-redirection.md b/proposals/4228-search-redirection.md index 14751ff47..1d90f25b7 100644 --- a/proposals/4228-search-redirection.md +++ b/proposals/4228-search-redirection.md @@ -53,6 +53,8 @@ For the federation endpoint specifically, the local user SHOULD have the remote straight through to them, however some implementations may prefer to replace the error before serving it to their users. This can help reduce the potential of remote Cross-Server Scripting (XSS) attacks. +When to return `403 M_FORBIDDEN` is left as an implementation detail. + ### Example A user makes a request to `/_matrix/client/v3/publicRooms` with a search term of `something illegal`.