Commit Graph

6087 Commits (5be0df02c59aff880d12d83b9c1d94f5560a65cb)
 

Author SHA1 Message Date
Patrick Cloke e93accf198 Remove extraneous paragraph. 3 years ago
Patrick Cloke 7aeca9ccb6 Fix typo.
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
3 years ago
Patrick Cloke 1f7481bfbd Fix typo.
Co-authored-by: Travis Ralston <travisr@matrix.org>
3 years ago
Patrick Cloke 48674a3353 Fix typo.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Patrick Cloke 84178b1d39 Add notes about the via key and authorised servers being out of sync. 3 years ago
Patrick Cloke 75fc073bfc Clarify implications of signing events. 3 years ago
Patrick Cloke 750be83313 Clarify what happens if a homeserver cannot verify membership. 3 years ago
Patrick Cloke 2749a95251 Use a different room version to specify changes in join rules. 3 years ago
Patrick Cloke 289c64035f Pull note about ban & ACLs out of each join rule description. 3 years ago
Patrick Cloke ba63bedec0 Clarify that signature checks only apply to joining users. 3 years ago
Patrick Cloke 2171d175e8 Clarify soft-failure is extension of current algorithm.
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
Patrick Cloke 3377d55c28 Fix typos.
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
Patrick Cloke f4e2d925e3 Clarifications / simplifications. 3 years ago
Patrick Cloke 53bae34457 Remove the authorised servers list. 3 years ago
Patrick Cloke d445b07855 Clarifications.
Co-authored-by: Jonathan de Jong <jonathandejong02@gmail.com>
3 years ago
Travis Ralston e30a68a49e Remove what appears to be leftover notes 3 years ago
Patrick Cloke cd78eed3f1 Add a note about ensuring each allowed room has at least one server in it. 3 years ago
Travis Ralston 24fedc2299 Merge branch 'master' into hs/proposal-appservice-login 3 years ago
Patrick Cloke e3692edd09 Remove via field. 3 years ago
Patrick Cloke 066f25fd82 Add a list of trusted servers. 3 years ago
Patrick Cloke d63e39c4af Handle feedback from Travis. 3 years ago
Patrick Cloke 4afe946def Clarify security concerns. 3 years ago
Patrick Cloke 51650b63f2 Clarify auth rules for restrictedjoin rules. 3 years ago
Patrick Cloke 06f0d622a9 Clarify membership checking over federation. 3 years ago
Patrick Cloke 5d1bebedf0 Re-iterate that ban and server-acls matter. 3 years ago
Patrick Cloke 486026a711 Namespace the allow type. 3 years ago
Patrick Cloke 955160c750 Add a type field. 3 years ago
Patrick Cloke 5c6e76a63b Space -> room. 3 years ago
Patrick Cloke 963aa40665 A bit less passive. 3 years ago
Patrick Cloke 31cdf835b8 Many clarifications. 3 years ago
Patrick Cloke 084e6225c5 Clarify an edge case. 3 years ago
Patrick Cloke 6919bbf80c Remove bit about user IDs being listed directly. 3 years ago
Patrick Cloke 959c6aa816 Fix broken backlink. 3 years ago
Patrick Cloke 7994a1e85a Remove spaces summary changes. 3 years ago
Patrick Cloke ef02f82afb Add more notes about edge-cases. 3 years ago
Patrick Cloke 6686696e66 Spacing. 3 years ago
Patrick Cloke 4051810241 Fill in the TODO about what how to mark access via spaces for the summary API. 3 years ago
Patrick Cloke 35ce0b8f91 More wrapping. 3 years ago
Patrick Cloke 933c50480c Add notes from @madlittlemods. 3 years ago
Patrick Cloke 0992a4d60f Update dependencies to include MSC3173. 3 years ago
Patrick Cloke 85003eb784 Clarify link. 3 years ago
Patrick Cloke b2b21e986d Rework bits about peeking. 3 years ago
Patrick Cloke ebae487451 Update a placeholder. 3 years ago
Patrick Cloke 4143f9ddcb Document the error response. 3 years ago
Patrick Cloke f71e48c0ac Include the proposed MSC. 3 years ago
Patrick Cloke 82c2ed6a47 Add pointer to draft. 3 years ago
Travis Ralston 5d4713f168 Changelog for https://github.com/matrix-org/matrix-doc/pull/3225 3 years ago
Travis Ralston f433e07763 Merge pull request #3225 from sideshowbarker/client-server-api-Access-Control-Allow-Headers-drop-Options-Accept
Drop Origin & Accept from Access-Control-Allow-Headers value
3 years ago
Travis Ralston efbccb6edd Merge pull request #3228 from ilovecommits/patch-1
Correct 'once-off' to 'one-off'
3 years ago
Michael[tm] Smith d7cf63d981 Drop Origin & Accept from Access-Control-Allow-Headers value
This change drops the Origin and Accept header names from the
recommended value for the CORS Access-Control-Allow-Headers header. Per
the CORS protocol, it’s not necessary or useful to include them.

Per-spec at https://fetch.spec.whatwg.org/#forbidden-header-name, Origin
is a “forbidden header name” set by the browser and that frontend
JavaScript code is never allowed to set.

So the value of Access-Control-Allow-Headers isn’t relevant to Origin or
in general to other headers set by the browser itself — the browser
never ever consults the Access-Control-Allow-Headers value to confirm
that it’s OK for the request to include an Origin header.

And per-spec at https://fetch.spec.whatwg.org/#cors-safelisted-request-header,
Accept is a “CORS-safelisted request-header”, which means that browsers
allow requests to contain the Accept header regardless of whether the
Access-Control-Allow-Headers value contains "Accept".

So it’s unnecessary for the Access-Control-Allow-Headers to explicitly
include Accept. Browsers will not perform a CORS preflight for requests
containing an Accept request header.

Related: Related: https://github.com/matrix-org/synapse/pull/10114

Signed-off-by: Michael[tm] Smith <mike@w3.org>
3 years ago