Patrick Cloke
7aeca9ccb6
Fix typo.
...
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
3 years ago
Patrick Cloke
1f7481bfbd
Fix typo.
...
Co-authored-by: Travis Ralston <travisr@matrix.org>
3 years ago
Patrick Cloke
48674a3353
Fix typo.
...
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Patrick Cloke
84178b1d39
Add notes about the via key and authorised servers being out of sync.
3 years ago
Patrick Cloke
75fc073bfc
Clarify implications of signing events.
3 years ago
Patrick Cloke
750be83313
Clarify what happens if a homeserver cannot verify membership.
3 years ago
Patrick Cloke
2749a95251
Use a different room version to specify changes in join rules.
3 years ago
Patrick Cloke
289c64035f
Pull note about ban & ACLs out of each join rule description.
3 years ago
Patrick Cloke
ba63bedec0
Clarify that signature checks only apply to joining users.
3 years ago
Patrick Cloke
2171d175e8
Clarify soft-failure is extension of current algorithm.
...
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
Patrick Cloke
3377d55c28
Fix typos.
...
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
Patrick Cloke
f4e2d925e3
Clarifications / simplifications.
3 years ago
Patrick Cloke
53bae34457
Remove the authorised servers list.
3 years ago
Patrick Cloke
d445b07855
Clarifications.
...
Co-authored-by: Jonathan de Jong <jonathandejong02@gmail.com>
3 years ago
Travis Ralston
e30a68a49e
Remove what appears to be leftover notes
3 years ago
Patrick Cloke
cd78eed3f1
Add a note about ensuring each allowed room has at least one server in it.
3 years ago
Travis Ralston
24fedc2299
Merge branch 'master' into hs/proposal-appservice-login
3 years ago
Patrick Cloke
e3692edd09
Remove via field.
3 years ago
Patrick Cloke
066f25fd82
Add a list of trusted servers.
3 years ago
Patrick Cloke
d63e39c4af
Handle feedback from Travis.
3 years ago
Patrick Cloke
4afe946def
Clarify security concerns.
3 years ago
Patrick Cloke
51650b63f2
Clarify auth rules for restrictedjoin rules.
3 years ago
Patrick Cloke
06f0d622a9
Clarify membership checking over federation.
3 years ago
Patrick Cloke
5d1bebedf0
Re-iterate that ban and server-acls matter.
3 years ago
Patrick Cloke
486026a711
Namespace the allow type.
3 years ago
Patrick Cloke
955160c750
Add a type field.
3 years ago
Patrick Cloke
5c6e76a63b
Space -> room.
3 years ago
Patrick Cloke
963aa40665
A bit less passive.
3 years ago
Patrick Cloke
31cdf835b8
Many clarifications.
3 years ago
Patrick Cloke
084e6225c5
Clarify an edge case.
3 years ago
Patrick Cloke
6919bbf80c
Remove bit about user IDs being listed directly.
3 years ago
Patrick Cloke
959c6aa816
Fix broken backlink.
3 years ago
Patrick Cloke
7994a1e85a
Remove spaces summary changes.
3 years ago
Patrick Cloke
ef02f82afb
Add more notes about edge-cases.
3 years ago
Patrick Cloke
6686696e66
Spacing.
3 years ago
Patrick Cloke
4051810241
Fill in the TODO about what how to mark access via spaces for the summary API.
3 years ago
Patrick Cloke
35ce0b8f91
More wrapping.
3 years ago
Patrick Cloke
933c50480c
Add notes from @madlittlemods.
3 years ago
Patrick Cloke
0992a4d60f
Update dependencies to include MSC3173.
3 years ago
Patrick Cloke
85003eb784
Clarify link.
3 years ago
Patrick Cloke
b2b21e986d
Rework bits about peeking.
3 years ago
Patrick Cloke
ebae487451
Update a placeholder.
3 years ago
Patrick Cloke
4143f9ddcb
Document the error response.
3 years ago
Patrick Cloke
f71e48c0ac
Include the proposed MSC.
3 years ago
Patrick Cloke
82c2ed6a47
Add pointer to draft.
3 years ago
Travis Ralston
5d4713f168
Changelog for https://github.com/matrix-org/matrix-doc/pull/3225
3 years ago
Travis Ralston
f433e07763
Merge pull request #3225 from sideshowbarker/client-server-api-Access-Control-Allow-Headers-drop-Options-Accept
...
Drop Origin & Accept from Access-Control-Allow-Headers value
3 years ago
Travis Ralston
efbccb6edd
Merge pull request #3228 from ilovecommits/patch-1
...
Correct 'once-off' to 'one-off'
3 years ago
Michael[tm] Smith
d7cf63d981
Drop Origin & Accept from Access-Control-Allow-Headers value
...
This change drops the Origin and Accept header names from the
recommended value for the CORS Access-Control-Allow-Headers header. Per
the CORS protocol, it’s not necessary or useful to include them.
Per-spec at https://fetch.spec.whatwg.org/#forbidden-header-name , Origin
is a “forbidden header name” set by the browser and that frontend
JavaScript code is never allowed to set.
So the value of Access-Control-Allow-Headers isn’t relevant to Origin or
in general to other headers set by the browser itself — the browser
never ever consults the Access-Control-Allow-Headers value to confirm
that it’s OK for the request to include an Origin header.
And per-spec at https://fetch.spec.whatwg.org/#cors-safelisted-request-header ,
Accept is a “CORS-safelisted request-header”, which means that browsers
allow requests to contain the Accept header regardless of whether the
Access-Control-Allow-Headers value contains "Accept".
So it’s unnecessary for the Access-Control-Allow-Headers to explicitly
include Accept. Browsers will not perform a CORS preflight for requests
containing an Accept request header.
Related: Related: https://github.com/matrix-org/synapse/pull/10114
Signed-off-by: Michael[tm] Smith <mike@w3.org>
3 years ago
Travis Ralston
e5b907021c
changelog for https://github.com/matrix-org/matrix-doc/pull/3254
3 years ago