Merge pull request #2343 from matrix-org/travis/spec/fix-2120

Recommend that clients don't preview URLs in encrypted rooms
5 years ago · 8e6e47ae7d
parent cca92ea4f5 f012da17a1
commit 8e6e47ae7d
2 changed files with 11 additions and 0 deletions
--- a/api/client-server/content-repo.yaml
+++ b/api/client-server/content-repo.yaml
@ -340,6 +340,16 @@ paths:
  "/preview_url":
    get:
      summary: "Get information about a URL for a client"
+      description: |-
+        Get information about a URL for the client. Typically this is called when a
+        client sees a URL in a message and wants to render a preview for the user.
+
+        .. Note::
+          Clients should consider avoiding this endpoint for URLs posted in encrypted
+          rooms. Encrypted rooms often contain more sensitive information the users
+          do not want to share with the homeserver, and this can mean that the URLs
+          being shared should also not be shared with the homeserver.
+
      operationId: getUrlPreview
      produces: ["application/json"]
      security:
--- a/changelogs/client_server/newsfragments/2343.clarification
+++ b/changelogs/client_server/newsfragments/2343.clarification
@ -0,0 +1 @@
+Clarify that clients should consider not requesting URL previews in encrypted rooms.
				`@ -0,0 +1 @@`
				`Clarify that clients should consider not requesting URL previews in encrypted rooms.`