archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dbkr/msc4178
main
release/v1.12
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '224773dc6a'
${ noResults }
matrix-spec/proposals/3550-allow-403-response-pro...

32 lines
1.5 KiB
Markdown
Raw Normal View History Unescape Escape

MSC3550: Allow HTTP 403 as a response to profile lookups (#3550) * add 403 proposal * add msc number to file and filename * correctly use markdown * requested changes * add links * specify error code * Update proposals/3550-allow-403-response-profile-lookup.md Co-authored-by: Travis Ralston <travisr@matrix.org> * fix formatting typo Co-authored-by: Travis Ralston <travisr@matrix.org> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
# MSC3550: Add HTTP 403 to possible profile lookup responses
# Background
In the current spec, the only response codes listed for [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
respond to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid) with an HTTP 403.
For example, Synapse can be configured to behave in this way by setting:
```
allow_profile_lookup_over_federation=false
```
Thus, this behavior already exists in Synapse, and may cause issues for
clients such as [vector-im/element-web#17269](https://github.com/vector-im/element-web/issues/17269).
# Proposal
The proposal is to allow HTTP 403 as an option for responding to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
requests. Allowing HTTP 403 gives clients more specific information as to why a request has
failed, thus enabling more precise error handling. The 403 would be accompanied by an
`M_FORBIDDEN` error code.
# Potential Issues
The change to the spec may conflict with other existing server implementations.
# Alternatives
The spec could remain as-is and Synapse could alter its current behavior and return an HTTP
404 rather than 403 in this case.
# Security Considerations
None at this time.