Commit Graph

85 Commits (c5631b30b830274b938c480077b45143910027b4)

Author SHA1 Message Date
Travis Ralston f433e07763 Merge pull request #3225 from sideshowbarker/client-server-api-Access-Control-Allow-Headers-drop-Options-Accept
Drop Origin & Accept from Access-Control-Allow-Headers value
3 years ago
Michael[tm] Smith d7cf63d981 Drop Origin & Accept from Access-Control-Allow-Headers value
This change drops the Origin and Accept header names from the
recommended value for the CORS Access-Control-Allow-Headers header. Per
the CORS protocol, it’s not necessary or useful to include them.

Per-spec at https://fetch.spec.whatwg.org/#forbidden-header-name, Origin
is a “forbidden header name” set by the browser and that frontend
JavaScript code is never allowed to set.

So the value of Access-Control-Allow-Headers isn’t relevant to Origin or
in general to other headers set by the browser itself — the browser
never ever consults the Access-Control-Allow-Headers value to confirm
that it’s OK for the request to include an Origin header.

And per-spec at https://fetch.spec.whatwg.org/#cors-safelisted-request-header,
Accept is a “CORS-safelisted request-header”, which means that browsers
allow requests to contain the Accept header regardless of whether the
Access-Control-Allow-Headers value contains "Accept".

So it’s unnecessary for the Access-Control-Allow-Headers to explicitly
include Accept. Browsers will not perform a CORS preflight for requests
containing an Accept request header.

Related: Related: https://github.com/matrix-org/synapse/pull/10114

Signed-off-by: Michael[tm] Smith <mike@w3.org>
3 years ago
ilovecommits 175e3c157d Correct 'once-off' to 'one-off' 3 years ago
Travis Ralston 30654f70ee Merge pull request #3176 from matrix-org/travis/clarification/lowercasing
Case fold instead of lowercase
3 years ago
Hubert Chathi 221375b105 Merge pull request #3207 from toadjaune/patch-2
Fix a typo in event soft rejection schema
3 years ago
Travis Ralston 8b40972872 iterate 3 years ago
Hubert Chathi 586c4d865a Fix broken ASCII art 3 years ago
Travis Ralston 21a132d3a5 Merge branch 'master' into travis/clarification/lowercasing 3 years ago
Hubert Chathi f9c9fce1ad Deprecate verifications that don't begin with a request. 3 years ago
Arnaud Venturi 0d275cc739 Fix a typo in event soft rejection schema
Signed-off-by: Arnaud Venturi <github@toadjaune.eu>
3 years ago
Travis Ralston 4cb667ca27 Case fold instead of lowercase
Fixes https://github.com/matrix-org/matrix-doc/issues/3175
3 years ago
Andrew Morgan fca6992cd9 Clarify that implementations can use stable prefixes once an MSC has merged (#3179)
Fixes #3146.

This PR changes the Matrix Spec Proposals page to clarify that implementations **do not** need to wait until a spec release to use stable prefixes, but that they can do so after the corresponding MSC has been merged. The justification is that once an MSC has been merged, it's fairly guaranteed that it will land in the spec. Yet it will take time for the spec release process to run its course, and we shouldn't make implementations wait for that.

The exception to this is if implementating a feature in a backwards-compatible way requires a new spec version to indicate to clients/servers that a feature has been added/changed. This situation is rare though, and most implementations won't fall into this category.
3 years ago
Andrew Morgan 5d0d5a3981 Clarify what happens when a concern is raised during FCP (#3180)
It wasn't entirely clear what should happen to the FCP timer (and state) when a concern is raised during FCP. After some discussion, we agreed that when a concern is raised:

1. FCP will continue to not conclude until at least 5 days have passed, but once those 5 days are up it *still* won't conclude until all concerns raised during FCP are resolved.
2. If a concern warrants a large enough change in the document, then the Spec Core Team may consider cancelling FCP and restarting the timer in order for people to have some time to think about and review the new changes.
3 years ago
Travis Ralston a5fea91d86 Merge pull request #3177 from matrix-org/travis/spec/spaces-groups-rm
Remove group identifiers
3 years ago
Travis Ralston 3d217e0de0 Merge pull request #3101 from matrix-org/travis/spec/MSC2320-identity-versions
Add identity service versions API
3 years ago
Travis Ralston 3c01fa4681 Remove group identifiers
Groups are replaced by https://github.com/matrix-org/matrix-doc/pull/1772 and this probably shouldn't have made it into the spec in the first place without the remaining context of Groups.
3 years ago
Travis Ralston c11efb35fe Merge pull request #3163 from matrix-org/travis/spec/msc2858-multisso
Describe social-sign-on (multiple SSO providers)
3 years ago
Travis Ralston fb3dde1c2c Merge pull request #3167 from matrix-org/travis/spec/msc2265-lower-3pid
Specify that email handling converts to lowercase first
3 years ago
Travis Ralston 466911b253 Merge pull request #3170 from matrix-org/travis/spec/msc2713-rm-v1-id
Remove v1 identity service API
3 years ago
Travis Ralston 2c3d7b1682 Apply suggestions from code review
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Travis Ralston 53833d49a5 Spelling 3 years ago
Travis Ralston 37c3a3f855 Remove v1 identity service API
Spec for https://github.com/matrix-org/matrix-doc/pull/2713
3 years ago
Travis Ralston 49a5ca3553 Downgrade identity server failure to FAIL_PROMPT instead of FAIL_ERROR
Spec for https://github.com/matrix-org/matrix-doc/pull/2284
3 years ago
Travis Ralston fc6aa30000 Merge branch 'master' into travis/spec/MSC2320-identity-versions 3 years ago
Travis Ralston 3aa517a868 Clarify provider naming 3 years ago
Travis Ralston 7cef7d0fcf Specify that email handling converts to lowercase first
Spec for https://github.com/matrix-org/matrix-doc/pull/2265
3 years ago
Travis Ralston 457f3995af Merge pull request #3154 from matrix-org/travis/spec/knock-knock-whos-there
Add knocking to the spec
3 years ago
Travis Ralston cbd761df17 Apply suggestions from code review
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
3 years ago
Hubert Chathi ec9ea2b6e3 Merge pull request #3149 from uhoreg/qr_codes_spec
Add spec for verification by QR codes.
3 years ago
Travis Ralston be86e638c5 Add identity service versions API
Specs [MSC2320](https://github.com/matrix-org/matrix-doc/pull/2320)
Built upon https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Hubert Chathi e9e0d8ee47 Merge pull request #3151 from uhoreg/single_ssss_spec
Document Single SSSS.
3 years ago
Travis Ralston 57f4347b5d Fix general wording 3 years ago
Hubert Chathi 3084f3d32f Merge pull request #3150 from uhoreg/verification_fixes
Make SAS outline fit with key verification in DM flow.
3 years ago
Travis Ralston 3b426846fe Describe social-sign-on (multiple SSO providers)
Spec for [MSC2858](https://github.com/matrix-org/matrix-doc/pull/2858)
3 years ago
Travis Ralston fa6cc8a1ff Add knocking to the spec
Spec for https://github.com/matrix-org/matrix-doc/pull/2998
Spec for https://github.com/matrix-org/matrix-doc/pull/2403

This deliberately does not help towards fixing https://github.com/matrix-org/matrix-doc/issues/3153 in order to remain consistent with prior room versions, and to keep the diff smaller on this change. A future change will address room version legibility.
3 years ago
Hubert Chathi 1a1f01234d Apply suggestions from code review
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi 7a960375cc Update content/client-server-api/modules/end_to_end_encryption.md
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi ca37ada9e2 Document Single SSSS. 3 years ago
Hubert Chathi bb06dbdb2a Add information about using SSSS for cross-signing and key backup. 3 years ago
Hubert Chathi f9dce3dfed Add spec for verification by QR codes. 3 years ago
Hubert Chathi fd5da297d8 Make SAS outline fit with key verification in DM flow. 3 years ago
Hubert Chathi 1638d2f32e Apply suggestions from code review
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi b5bdfffa53 spec verification in DMs and m.key.verification.ready/done 3 years ago
Travis Ralston a855ed338b Fix event size restriction (#3127)
Fixes https://github.com/matrix-org/matrix-doc/issues/3126
3 years ago
Travis Ralston d0d6b77053 Merge pull request #3099 from matrix-org/travis/spec/MSC2801-untrusted-bodies
Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
3 years ago
Travis Ralston 208a0806dd Merge pull request #3098 from matrix-org/travis/spec/r2-MSC2010-MSC2422-MSC2557-color-spoilers
Incorporate spoilers and `color` tag allowance
3 years ago
Travis Ralston 5d2cb50c58 Apply suggestions from code review
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
3 years ago
Travis Ralston a0345ea0bb Incorporate spoilers and `color` tag allowance
Specs [MSC2010](https://github.com/matrix-org/matrix-doc/pull/2010)
Specs [MSC2557](https://github.com/matrix-org/matrix-doc/pull/2557)
Specs [MSC2422](https://github.com/matrix-org/matrix-doc/pull/2422)
Obsoletes https://github.com/matrix-org/matrix-doc/pull/2549
Built upon https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston 30f37f1e66 Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
Specs [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801)
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston 228fcb8175 Allow <details> and <summary> in suggested HTML subset
Specs [MSC2184](https://github.com/matrix-org/matrix-doc/pull/2184)
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago