This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
peeking doesn't work over federation #4236
Labels
A-Spec-Compliance
places where synapse does not conform to the spec
O-Occasional
Affects or can be seen by some users regularly or most users rarely
S-Minor
Blocks non-critical functionality, workarounds exist.
T-Defect
Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
T-Enhancement
New features, changes in functionality, improvements in performance, or user-facing enhancements.
Comments
jevolk
changed the title
|
Synapse bug, spec describes the correct behaviour. |
|
I think this is effectively a dup or very closely related to https://github.com/matrix-org/matrix-doc/issues/913. It's not clear what endpoints this bug is actually concerned about though (/sync, /events, or SS API queries?) |
richvdh
changed the title
clokep
added
the
A-Spec-Compliance
erikjohnston
added
S-Minor
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The specification states in 13.12
It goes on to say:
Exhibited Behavior
Synapse denies
world_readableinformation by imposing a condition which checks if the requesting server has at least one user joined to the room. It responds with the error:This is not
world_readableas specified. This check occurs on all relevant federation endpoints, making it impossible to access information about a room without joining at least one user. This exhibits asharedrather thanworld_readablevisibility.Proper Behavior
Synapse should not care whether a requesting server is joined to a room when it attempts to elicit information for events covered by a
world_readablevisibility state.Conclusion
As the reference implementation for the specification, this is a problem. Either this is an implementation error by synapse or this is an omission by the written specification. Should server implementations follow suit with synapse de facto or should they follow the specification de jure in contrast with it?
Furthermore, if this condition was implemented to mitigate a security vulnerability, spam or DoS vector, or even a performance problem: other implementations will surely fall victim to it, and the specification should not blindly lead them into doing so. In contrast, if a server developer believes the preceding statement might be true because this discrepancy merely exists, when it is not true, they will degrade the functionality of their server for no reason.
The text was updated successfully, but these errors were encountered: