Add option to control public room directory federation and authentication #375
Labels
No labels
Android
CS::needs customer feedback
CS::needs follow up
CS::needs on prem installation
CS::waiting
Chrome
Design:: Ready
Design:: in progress
Design::UX
E2EE
Edge
Firefox
GDPR
Iteration 13 IM
Linux
MacOS
Need::Discussion
Need::Steps to reproduce
Need::Upstream fix
Needs:: Planning
Needs::Dev-Team
Needs::More information
Needs::Priority
Needs::Product
Needs::Refinement
Needs::Severity
Priority::1-Critical
Priority::2-Max
Priority::3-Impending
Priority::4-High
Priority::5-Medium
Priority::6-Low
Priority::7-None
Progress::Backlog
Progress::Review
Progress::Started
Progress::Testing
Progress::Triage
Progress::Waiting
Reporter::Sentry
Safari
Target::Community
Target::Customer
Target::Internal
Target::PoC
Target::Security
Team:Customer-Success
Team:Design
Team:Infrastructure
Team:Instant-Messaging
Team:Product
Team:Workflows
Type::Bug
Type::Design
Type::Documentation
Type::Feature
Type::Improvement
Type::Support
Type::Tests
Windows
blocked
blocked-by-spec
cla-signed
conduit
contribution::advanced
contribution::easy
contribution::help needed
from::review
iOS
p::ti-tenant
performance
product::triage
proposal
refactor
release-blocker
s: dart_openapi_codegen
s::Famedly-Patient
s::Org-Directory
s::Passport-Generator
s::Requeuest
s:CRM
s:Famedly-App
s:Famedly-Web
s:Fhiroxide
s:Fhiroxide-cli
s:Fhiroxide-client
s:Fhirs
s:Hedwig
s:LISA
s:Matrix-Dart-SDK
s:Role-Manager
s:Synapse
s:User-Directory
s:WFS-Matrix
s:Workflow Engine
s:dtls
s:famedly-error
s:fcm-shared-isolate
s:matrix-api-lite
s:multiple-tab-detector
s:native-imaging
severity::1
severity::2
severity::3
severity::4
technical-debt
voip
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Matthias/conduit#375
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Is your feature request related to a problem? Please describe.
Synapse has 2 options to control whether a server's public room directory can be federated to other servers (
allow_public_rooms_over_federation
) and whether the room directory can be queried with or without authentication (access token) viaallow_public_rooms_without_auth
Clients can view this such as Element's "Explore rooms" button to find rooms to join that are published in a server's room directory of their choice. However it may not be desirable for everyone to federate their room directory.
Synapse has even disabled this by default so new installations don't federate their room directory by default, and require auth for all requests to the room directory. This was in response to bots scanning for Matrix homeservers and their room directories: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/
The current Conduit behaviour is that:
Behaviour compared between a Synapse homeserver, and Conduit on both the Client-Server and Server-Server endpoints:
Unsure if the former can still be queried if you disable federation, but this would not be desirable for private homeservers.
Describe the solution you'd like
Implement 2 options similar to Synapse's
allow_public_rooms_over_federation
andallow_public_rooms_without_auth
to control whether our room directory's federate to other servers and whether our room directory can be queried by anyone without authentication.mentioned in merge request !548