Michael[tm] Smith
d7cf63d981
Drop Origin & Accept from Access-Control-Allow-Headers value
...
This change drops the Origin and Accept header names from the
recommended value for the CORS Access-Control-Allow-Headers header. Per
the CORS protocol, it’s not necessary or useful to include them.
Per-spec at https://fetch.spec.whatwg.org/#forbidden-header-name , Origin
is a “forbidden header name” set by the browser and that frontend
JavaScript code is never allowed to set.
So the value of Access-Control-Allow-Headers isn’t relevant to Origin or
in general to other headers set by the browser itself — the browser
never ever consults the Access-Control-Allow-Headers value to confirm
that it’s OK for the request to include an Origin header.
And per-spec at https://fetch.spec.whatwg.org/#cors-safelisted-request-header ,
Accept is a “CORS-safelisted request-header”, which means that browsers
allow requests to contain the Accept header regardless of whether the
Access-Control-Allow-Headers value contains "Accept".
So it’s unnecessary for the Access-Control-Allow-Headers to explicitly
include Accept. Browsers will not perform a CORS preflight for requests
containing an Accept request header.
Related: Related: https://github.com/matrix-org/synapse/pull/10114
Signed-off-by: Michael[tm] Smith <mike@w3.org>
3 years ago
Hubert Chathi
f9c9fce1ad
Deprecate verifications that don't begin with a request.
3 years ago
Travis Ralston
466911b253
Merge pull request #3170 from matrix-org/travis/spec/msc2713-rm-v1-id
...
Remove v1 identity service API
3 years ago
Travis Ralston
c11efb35fe
Merge pull request #3163 from matrix-org/travis/spec/msc2858-multisso
...
Describe social-sign-on (multiple SSO providers)
3 years ago
Travis Ralston
2c3d7b1682
Apply suggestions from code review
...
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Travis Ralston
37c3a3f855
Remove v1 identity service API
...
Spec for https://github.com/matrix-org/matrix-doc/pull/2713
3 years ago
Travis Ralston
49a5ca3553
Downgrade identity server failure to FAIL_PROMPT instead of FAIL_ERROR
...
Spec for https://github.com/matrix-org/matrix-doc/pull/2284
3 years ago
Travis Ralston
457f3995af
Merge pull request #3154 from matrix-org/travis/spec/knock-knock-whos-there
...
Add knocking to the spec
3 years ago
Travis Ralston
3aa517a868
Clarify provider naming
3 years ago
Hubert Chathi
ec9ea2b6e3
Merge pull request #3149 from uhoreg/qr_codes_spec
...
Add spec for verification by QR codes.
3 years ago
Travis Ralston
cbd761df17
Apply suggestions from code review
...
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
3 years ago
Hubert Chathi
e9e0d8ee47
Merge pull request #3151 from uhoreg/single_ssss_spec
...
Document Single SSSS.
3 years ago
Travis Ralston
57f4347b5d
Fix general wording
3 years ago
Hubert Chathi
3084f3d32f
Merge pull request #3150 from uhoreg/verification_fixes
...
Make SAS outline fit with key verification in DM flow.
3 years ago
Travis Ralston
3b426846fe
Describe social-sign-on (multiple SSO providers)
...
Spec for [MSC2858](https://github.com/matrix-org/matrix-doc/pull/2858 )
3 years ago
Travis Ralston
fa6cc8a1ff
Add knocking to the spec
...
Spec for https://github.com/matrix-org/matrix-doc/pull/2998
Spec for https://github.com/matrix-org/matrix-doc/pull/2403
This deliberately does not help towards fixing https://github.com/matrix-org/matrix-doc/issues/3153 in order to remain consistent with prior room versions, and to keep the diff smaller on this change. A future change will address room version legibility.
3 years ago
Hubert Chathi
1a1f01234d
Apply suggestions from code review
...
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi
7a960375cc
Update content/client-server-api/modules/end_to_end_encryption.md
...
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi
ca37ada9e2
Document Single SSSS.
3 years ago
Hubert Chathi
bb06dbdb2a
Add information about using SSSS for cross-signing and key backup.
3 years ago
Hubert Chathi
f9dce3dfed
Add spec for verification by QR codes.
3 years ago
Hubert Chathi
fd5da297d8
Make SAS outline fit with key verification in DM flow.
3 years ago
Hubert Chathi
1638d2f32e
Apply suggestions from code review
...
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi
b5bdfffa53
spec verification in DMs and m.key.verification.ready/done
3 years ago
Travis Ralston
a855ed338b
Fix event size restriction ( #3127 )
...
Fixes https://github.com/matrix-org/matrix-doc/issues/3126
3 years ago
Travis Ralston
d0d6b77053
Merge pull request #3099 from matrix-org/travis/spec/MSC2801-untrusted-bodies
...
Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
3 years ago
Travis Ralston
208a0806dd
Merge pull request #3098 from matrix-org/travis/spec/r2-MSC2010-MSC2422-MSC2557-color-spoilers
...
Incorporate spoilers and `color` tag allowance
3 years ago
Travis Ralston
5d2cb50c58
Apply suggestions from code review
...
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
3 years ago
Travis Ralston
a0345ea0bb
Incorporate spoilers and `color` tag allowance
...
Specs [MSC2010](https://github.com/matrix-org/matrix-doc/pull/2010 )
Specs [MSC2557](https://github.com/matrix-org/matrix-doc/pull/2557 )
Specs [MSC2422](https://github.com/matrix-org/matrix-doc/pull/2422 )
Obsoletes https://github.com/matrix-org/matrix-doc/pull/2549
Built upon https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston
30f37f1e66
Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
...
Specs [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801 )
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston
228fcb8175
Allow <details> and <summary> in suggested HTML subset
...
Specs [MSC2184](https://github.com/matrix-org/matrix-doc/pull/2184 )
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
wbamberg
94f6cd21e3
Clarify the current situation wrt key derivation algorithms
...
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Will
a974bdaf45
Remove h7 and h8 headings
3 years ago
Will
3e03e7b17a
A few small fixes in /data and /content
3 years ago
Will
9a179038cc
Fix links to rendered APIs
3 years ago
Will
72ff5b92cb
Update content to call the new template for event definitions
3 years ago
Will
52f5e73a39
Update content to call the new template for HTTP APIs
3 years ago
Will
ea9fced092
Formatting fixes for the authentication section
4 years ago
Will
fd658f674f
Fix mangling of sub/superscript in e2e module
4 years ago
Will
183ecfda03
Replace sas-emojis template
4 years ago
Will
86152613b1
Remove changelog sections
4 years ago
Will
965f573c9e
Add example that went missing
4 years ago
Will
52745160f3
Use GFM table syntax instead of raw HTML
4 years ago
Will
f0a4f59bb0
Fix broken Markdown lists
4 years ago
Will
02a41edc76
Fix heading levels
4 years ago
Will
4e39200cfa
Fix internal links
4 years ago
Will
338434bfcd
Support alerts (notes, warnings, rationales)
4 years ago
Will
ab64bda76d
Add syntax highlighting
4 years ago
Will
6c6bd57ebf
Fix ASCII diagrams
4 years ago
Will
55aed1d296
Remove 'unstable' warning
4 years ago