MSC2499: Fixes for Well-known URIs #2499
Conversation
aaronraimist
changed the title
aaronraimist
force-pushed
the
fix-client-well-known
branch
from
78d3a47 to
9270c4c
Compare
Signed-off-by: Aaron Raimist <aaron@raim.ist>
aaronraimist
force-pushed
the
fix-client-well-known
branch
from
9270c4c to
2f19796
Compare
turt2live
added
proposal-in-review
kind:maintenance
KitsuneRal
left a comment
KitsuneRal
left a comment
There was a problem hiding this comment.
Generally ok except one small addition, please.
aaronraimist
changed the title
Signed-off-by: Aaron Raimist <aaron@raim.ist>
| 1. The maximum size of size of the well-known file is 51200 bytes. A client or server | ||
| requesting a well-known file MUST abort and FAIL_PROMPT if the response exceeds 51200 bytes. No newline at end of file |
There was a problem hiding this comment.
This isn't a super realistic thing that can be applied by clients: if the server admin has configured the server so badly that a 10gb JSON file is being served then so be it. It's just not in the server admin's interest to attack bandwidth in this way given the costs they would be incurring from their ISP/service provider.
There was a problem hiding this comment.
At least for native clients (and servers) it's fairly easy to abort on 51201st byte but FAIL_PROMPT looks a bit dubious here: should the client re-request .well-known or rather just continue (rather than abort) receiving the payload after confirming with the user? And yes, generally there's no incentive to attack in that way of course; but a recommendation to protect receiving sides from such misconfigurations wouldn't hurt, would it? Maybe not as MUST but as SHOULD.
There was a problem hiding this comment.
I'm not convinced that this endpoint specifically needs this recommendation though: surely we should be applying this to all endpoints like profiles, sync, etc...
It feels like another MSC's problem.
There was a problem hiding this comment.
That's fine, I can leave it to another MSC. The main reason for including it here is because Synapse has already implemented this limit for the server well-known so a well-known bigger than that already isn't going to work with most servers. If it was specced then at least people could expect there is some reasonable limit on the size.
There was a problem hiding this comment.
I would be a bit surprised if people expected 1mb json files to work for this use case, honestly. I think it's reasonable for clients/servers to impose their own limits, and iirc Synapse only really limited the JSON file size on server-server because federation has tiny timeouts (typically), so read delays are not ideal.
Signed-off-by: Aaron Raimist <aaron@raim.ist>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Signed-off-by: Aaron Raimist <aaron@raim.ist>
turt2live
added
the
needs-implementation
Signed-off-by: Aaron Raimist <aaron@raim.ist>
Co-authored-by: Vladimir Panteleev <CyberShadow@users.noreply.github.com>
| SHOULD be `application/json` however it should be assumed to be JSON regardless of Content-Type. | ||
| This is consistent with the Server-Server API. | ||
|
|
||
| 1. Step 3f in the Client-Server well-known flow should be changed to use the modern |
There was a problem hiding this comment.
| 1. Step 3f in the Client-Server well-known flow should be changed to use the modern | |
| 1. Step 3.6 in the Client-Server well-known flow should be changed to use the modern |
The latest rendering of the spec uses numbers for the sub-steps instead of letters
| is the suggested replacement. | ||
|
|
||
| 1. The maximum size of the well-known file is 51200 bytes. A client or server | ||
| requesting a well-known file MUST abort and FAIL_PROMPT if the response exceeds 51200 bytes. |
There was a problem hiding this comment.
| requesting a well-known file MUST abort and FAIL_PROMPT if the response exceeds 51200 bytes. | |
| requesting a well-known file MUST abort and FAIL_PROMPT if the response exceeds 51200 bytes. | |
| This check becomes part of step 3.2. |
There was a problem hiding this comment.
(Though #2499 (comment) says that this check is supposed to be removed entirely.)
|
|
||
| 1. The spec does not mention that redirects should be followed for `/.well-known/matrix/client` | ||
| and does not clearly specify what type of redirects should be followed for `/.well-known/matrix/server`. | ||
| To fix this, the spec should be changed to state that when a well-known URI is requested, |
There was a problem hiding this comment.
The server-server spec simply states
30x redirects should be followed, however redirection loops should be avoided.
which is short, reasonable but not overcomplicated. Adopting the same for the Client-Server spec sounds reasonable?
10 participants
Rendered
Intended to address:
https://github.com/matrix-org/matrix-doc/issues/1919
https://github.com/matrix-org/matrix-doc/issues/1896
https://github.com/matrix-org/matrix-doc/issues/2335
If there are any other issues with the client well-known that I've missed let me know so there doesn't need to be a followup MSC.