|
|
|
@ -98,6 +98,12 @@ caveat that servers must ensure that:
|
|
|
|
content with the key `join_authorised_via_users_server`. The actual user
|
|
|
|
content with the key `join_authorised_via_users_server`. The actual user
|
|
|
|
chosen is arbitrary.
|
|
|
|
chosen is arbitrary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This creates a new restriction on the relationship between the resident
|
|
|
|
|
|
|
|
servers used for `/make_join` and `/send_join` -- they must now both go to
|
|
|
|
|
|
|
|
the same server (since the `join_authorised_via_users_server` is added in
|
|
|
|
|
|
|
|
the call to `/make_join`, while the final signature is added during
|
|
|
|
|
|
|
|
the call to `/send_join`).
|
|
|
|
|
|
|
|
|
|
|
|
Note that the homeservers whose users can issue invites are trusted to confirm
|
|
|
|
Note that the homeservers whose users can issue invites are trusted to confirm
|
|
|
|
that the `allow` rules were properly checked (since this cannot easily be
|
|
|
|
that the `allow` rules were properly checked (since this cannot easily be
|
|
|
|
enforced over federation by event authorisation).<sup id="a4">[4](#f4)</sup>
|
|
|
|
enforced over federation by event authorisation).<sup id="a4">[4](#f4)</sup>
|
|
|
|
|
Patrick Cloke
3 years ago
committed by