-
-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add missing 403 responses on profile endpoints #1867
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add missing 403 response on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add missing 403 response on `/query/profile`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -170,6 +170,20 @@ paths: | |
"displayname": "John Doe", | ||
"avatar_url": "mxc://matrix.org/MyC00lAvatar" | ||
} | ||
"403": | ||
x-addedInMatrixVersion: "1.2" | ||
description: The server is unwilling to disclose whether the user exists and/or | ||
has a display name. | ||
content: | ||
application/json: | ||
schema: | ||
$ref: ../client-server/definitions/errors/error.yaml | ||
examples: | ||
response: | ||
value: { | ||
"errcode": "M_FORBIDDEN", | ||
"error": "Profile lookup over federation is disabled on this homeserver" | ||
} | ||
Comment on lines
+173
to
+186
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. actually: given MSC3550 didn't mention the federation API at all, making this change without an MSC seems like a bit of a stretch. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. (and while we're at it maybe we should discuss the additional client endpoints too, since they weren't technically covered by the MSC or the original spec PR) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
It mentions that the reason the MSC is being written is for requests over federation, but then doesn't mention the federation endpoints at all. I'm a bit torn on it. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am (not eager but definitely) willing to put up a short MSC for this. I would like to ensure that it's time well spent though. So I'll hold off of doing anything until you've found an agreement on whether an MSC is needed or not. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We discussed it briefly at the time of richvdh's comment, and I think the thread here captures that discussion well. It feels like it needs an MSC because it's relatively unclear what the original MSC's intended scope was. As a formality, my vote is +1.0 to needing an MSC because the intention and history are different stories. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, makes sense. I'll try and put something together next week. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This PR is now blocked on matrix-org/matrix-spec-proposals#4170. |
||
"404": | ||
description: The user does not exist or does not have a profile. | ||
content: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know if this is correct but technically we're clarifying the 403 response introduced in Matrix v1.2.