From c74befd111aeb245c72cc98f854d04cd58aa1ab9 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Tue, 13 May 2025 15:34:39 +0200 Subject: [PATCH] Clarify the meaning of "public rooms" for profile look-ups (#2101) --- .../client_server/newsfragments/2101.clarification | 1 + content/client-server-api/_index.md | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 changelogs/client_server/newsfragments/2101.clarification diff --git a/changelogs/client_server/newsfragments/2101.clarification b/changelogs/client_server/newsfragments/2101.clarification new file mode 100644 index 00000000..fa84c41c --- /dev/null +++ b/changelogs/client_server/newsfragments/2101.clarification @@ -0,0 +1 @@ +"Public" rooms in profile look-ups are defined through their join rule and history visibility. diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index f2de85de..0b2a8346 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md @@ -2862,10 +2862,15 @@ re-invited. #### Server behaviour -Homeservers MUST at a minimum allow profile look-up for: +Homeservers MUST at a minimum allow profile look-up for users who are +visible to the requester based on their membership in rooms known to the +homeserver. This means: - users that share a room with the requesting user -- users that reside in public rooms known to the homeserver +- users who are joined to rooms known to the homeserver that have a + `public` [join rule](#mroomjoin_rules) +- users who are joined to rooms known to the homeserver that have a + `world_readable` [history visibility](#room-history-visibility) In all other cases, homeservers MAY deny profile look-up by responding with 403 and an error code of `M_FORBIDDEN`.