Commit Graph

55 Commits (cdcc24af11caf6a421fefc04a1e6ba47767b1417)

Author SHA1 Message Date
Michael[tm] Smith d7cf63d981 Drop Origin & Accept from Access-Control-Allow-Headers value
This change drops the Origin and Accept header names from the
recommended value for the CORS Access-Control-Allow-Headers header. Per
the CORS protocol, it’s not necessary or useful to include them.

Per-spec at https://fetch.spec.whatwg.org/#forbidden-header-name, Origin
is a “forbidden header name” set by the browser and that frontend
JavaScript code is never allowed to set.

So the value of Access-Control-Allow-Headers isn’t relevant to Origin or
in general to other headers set by the browser itself — the browser
never ever consults the Access-Control-Allow-Headers value to confirm
that it’s OK for the request to include an Origin header.

And per-spec at https://fetch.spec.whatwg.org/#cors-safelisted-request-header,
Accept is a “CORS-safelisted request-header”, which means that browsers
allow requests to contain the Accept header regardless of whether the
Access-Control-Allow-Headers value contains "Accept".

So it’s unnecessary for the Access-Control-Allow-Headers to explicitly
include Accept. Browsers will not perform a CORS preflight for requests
containing an Accept request header.

Related: Related: https://github.com/matrix-org/synapse/pull/10114

Signed-off-by: Michael[tm] Smith <mike@w3.org>
3 years ago
Hubert Chathi f9c9fce1ad Deprecate verifications that don't begin with a request. 3 years ago
Travis Ralston 466911b253 Merge pull request #3170 from matrix-org/travis/spec/msc2713-rm-v1-id
Remove v1 identity service API
3 years ago
Travis Ralston c11efb35fe Merge pull request #3163 from matrix-org/travis/spec/msc2858-multisso
Describe social-sign-on (multiple SSO providers)
3 years ago
Travis Ralston 2c3d7b1682 Apply suggestions from code review
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Travis Ralston 37c3a3f855 Remove v1 identity service API
Spec for https://github.com/matrix-org/matrix-doc/pull/2713
3 years ago
Travis Ralston 49a5ca3553 Downgrade identity server failure to FAIL_PROMPT instead of FAIL_ERROR
Spec for https://github.com/matrix-org/matrix-doc/pull/2284
3 years ago
Travis Ralston 457f3995af Merge pull request #3154 from matrix-org/travis/spec/knock-knock-whos-there
Add knocking to the spec
3 years ago
Travis Ralston 3aa517a868 Clarify provider naming 3 years ago
Hubert Chathi ec9ea2b6e3 Merge pull request #3149 from uhoreg/qr_codes_spec
Add spec for verification by QR codes.
3 years ago
Travis Ralston cbd761df17 Apply suggestions from code review
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
3 years ago
Hubert Chathi e9e0d8ee47 Merge pull request #3151 from uhoreg/single_ssss_spec
Document Single SSSS.
3 years ago
Travis Ralston 57f4347b5d Fix general wording 3 years ago
Hubert Chathi 3084f3d32f Merge pull request #3150 from uhoreg/verification_fixes
Make SAS outline fit with key verification in DM flow.
3 years ago
Travis Ralston 3b426846fe Describe social-sign-on (multiple SSO providers)
Spec for [MSC2858](https://github.com/matrix-org/matrix-doc/pull/2858)
3 years ago
Travis Ralston fa6cc8a1ff Add knocking to the spec
Spec for https://github.com/matrix-org/matrix-doc/pull/2998
Spec for https://github.com/matrix-org/matrix-doc/pull/2403

This deliberately does not help towards fixing https://github.com/matrix-org/matrix-doc/issues/3153 in order to remain consistent with prior room versions, and to keep the diff smaller on this change. A future change will address room version legibility.
3 years ago
Hubert Chathi 1a1f01234d Apply suggestions from code review
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi 7a960375cc Update content/client-server-api/modules/end_to_end_encryption.md
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi ca37ada9e2 Document Single SSSS. 3 years ago
Hubert Chathi bb06dbdb2a Add information about using SSSS for cross-signing and key backup. 3 years ago
Hubert Chathi f9dce3dfed Add spec for verification by QR codes. 3 years ago
Hubert Chathi fd5da297d8 Make SAS outline fit with key verification in DM flow. 3 years ago
Hubert Chathi 1638d2f32e Apply suggestions from code review
Co-authored-by: Travis Ralston <travpc@gmail.com>
3 years ago
Hubert Chathi b5bdfffa53 spec verification in DMs and m.key.verification.ready/done 3 years ago
Travis Ralston a855ed338b Fix event size restriction (#3127)
Fixes https://github.com/matrix-org/matrix-doc/issues/3126
3 years ago
Travis Ralston d0d6b77053 Merge pull request #3099 from matrix-org/travis/spec/MSC2801-untrusted-bodies
Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
3 years ago
Travis Ralston 208a0806dd Merge pull request #3098 from matrix-org/travis/spec/r2-MSC2010-MSC2422-MSC2557-color-spoilers
Incorporate spoilers and `color` tag allowance
3 years ago
Travis Ralston 5d2cb50c58 Apply suggestions from code review
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
3 years ago
Travis Ralston a0345ea0bb Incorporate spoilers and `color` tag allowance
Specs [MSC2010](https://github.com/matrix-org/matrix-doc/pull/2010)
Specs [MSC2557](https://github.com/matrix-org/matrix-doc/pull/2557)
Specs [MSC2422](https://github.com/matrix-org/matrix-doc/pull/2422)
Obsoletes https://github.com/matrix-org/matrix-doc/pull/2549
Built upon https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston 30f37f1e66 Sprinkle some DANGER: UNSAFE warnings over the spec about event bodies
Specs [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801)
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
Travis Ralston 228fcb8175 Allow <details> and <summary> in suggested HTML subset
Specs [MSC2184](https://github.com/matrix-org/matrix-doc/pull/2184)
Based on https://github.com/matrix-org/matrix-doc/pull/3094
3 years ago
wbamberg 94f6cd21e3 Clarify the current situation wrt key derivation algorithms
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago
Will a974bdaf45 Remove h7 and h8 headings 3 years ago
Will 3e03e7b17a A few small fixes in /data and /content 3 years ago
Will 9a179038cc Fix links to rendered APIs 3 years ago
Will 72ff5b92cb Update content to call the new template for event definitions 3 years ago
Will 52f5e73a39 Update content to call the new template for HTTP APIs 3 years ago
Will ea9fced092
Formatting fixes for the authentication section 4 years ago
Will fd658f674f
Fix mangling of sub/superscript in e2e module 4 years ago
Will 183ecfda03
Replace sas-emojis template 4 years ago
Will 86152613b1
Remove changelog sections 4 years ago
Will 965f573c9e
Add example that went missing 4 years ago
Will 52745160f3
Use GFM table syntax instead of raw HTML 4 years ago
Will f0a4f59bb0
Fix broken Markdown lists 4 years ago
Will 02a41edc76
Fix heading levels 4 years ago
Will 4e39200cfa
Fix internal links 4 years ago
Will 338434bfcd
Support alerts (notes, warnings, rationales) 4 years ago
Will ab64bda76d
Add syntax highlighting 4 years ago
Will 6c6bd57ebf
Fix ASCII diagrams 4 years ago
Will 55aed1d296
Remove 'unstable' warning 4 years ago