Fix auth rules of redactions in v3

pull/977/head
Travis Ralston 6 years ago
parent ad64af3f01
commit 48912a7320

@ -100,15 +100,17 @@ to the change in event format:
is no domain in the event ID), but still needs to be signed by the sender's is no domain in the event ID), but still needs to be signed by the sender's
domain. domain.
* Previously, redactions were allowed if the sender's domain matched the domain * In past room versions, redactions were only permitted to enter the DAG if the
in the event ID it was redacting, allowing self redaction. Due to changes in sender's domain matched the domain in the event ID being redacted, or the sender
the event format, this check is now impossible to do. Instead, servers should had appropriate permissions per the power levels. Due to servers now not being
allow redactions from servers of the same origin to redact other events as a able to determine where an event came from during event authorization, redaction
self-redaction mechanism. The rules for allowing other servers to redact events events are always accepted (provided the event is allowed by ``events`` and
(as done by moderators) is unchanged. Redaction events only take effect when ``events_default`` in the power levels). However, servers should not apply or send
the original event is received, and the domain of the each event matches. redactions to clients until both the redaction event and original event have been
Servers should not send redactions down to clients until the redaction has seen, and are valid. Servers should only apply redactions to events where the
taken effect. origin sender's domains match, or the sender has the appropriate permissions per
the power levels.
The remaining rules are the same as room version 1. The remaining rules are the same as room version 1.

Loading…
Cancel
Save