From 355f92ff99cc5a982d92018c81d027d032f2e94f Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Wed, 11 Dec 2024 23:48:04 +0100 Subject: [PATCH] Add spec for MSC4163: Make ACLs apply to EDUs (#2004) Signed-off-by: Johannes Marbach --- .../server_server/newsfragments/2004.feature | 1 + content/server-server-api.md | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 changelogs/server_server/newsfragments/2004.feature diff --git a/changelogs/server_server/newsfragments/2004.feature b/changelogs/server_server/newsfragments/2004.feature new file mode 100644 index 00000000..dd23b73d --- /dev/null +++ b/changelogs/server_server/newsfragments/2004.feature @@ -0,0 +1 @@ +Make ACLs apply to EDUs as per [MSC4163](https://github.com/matrix-org/matrix-spec-proposals/pull/4163). diff --git a/content/server-server-api.md b/content/server-server-api.md index e1b57c96..8e99c431 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -1228,7 +1228,6 @@ of `M_FORBIDDEN`. The following endpoint prefixes MUST be protected: -- `/_matrix/federation/v1/send` (on a per-PDU basis) - `/_matrix/federation/v1/make_join` - `/_matrix/federation/v1/make_leave` - `/_matrix/federation/v1/send_join` 
@@ -1245,6 +1244,22 @@ The following endpoint prefixes MUST be protected: - `/_matrix/federation/v1/event_auth` - `/_matrix/federation/v1/get_missing_events` +Additionally the [`/_matrix/federation/v1/send/{txnId}`](#put_matrixfederationv1sendtxnid) +endpoint MUST be protected as follows: + +- ACLs MUST be applied to all PDUs on a per-PDU basis. If the sending + server is denied access to the room identified by `room_id`, the PDU + MUST be ignored with an appropriate error included in the response + for the respective event ID. +- ACLs MUST be applied to all EDUs that are local to a specific room: + + - For [typing notifications (`m.typing`)](#typing-notifications), if + the sending server is denied access to the room identified by + `room_id`, the EDU MUST be ignored. + - For [receipts (`m.receipt`)](#receipts), all receipts for a particular + room ID MUST be ignored if the sending server is denied access to + the room identified by that ID. + ## Signing Events Signing events is complicated by the fact that servers can choose to
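Review bot: In the first `content/server-server-api.md` hunk (`@@ -1228,7 +1228,6 @@`), removing `/_matrix/federation/v1/send` from the list that sits directly under the sentence ending "of `M_FORBIDDEN`" leaves it unstated how the transaction request itself is answered when the sending server is denied. The replacement paragraph only describes per-PDU and per-EDU handling, so a reader cannot tell whether the request-level error still applies to `/send/{txnId}`. Suggest adding one sentence to the new paragraph saying whether the transaction as a whole is accepted and only the affected PDUs and EDUs are dropped.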
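Review bot: In the second `content/server-server-api.md` hunk (`@@ -1245,6 +1244,22 @@`), the two EDU sub-bullets say the EDU "MUST be ignored" but, unlike the PDU bullet, do not say whether the denial is reported back to the sender. The PDU bullet ties the error to "the respective event ID", which EDUs do not have, so it is worth stating explicitly that denied EDUs are dropped without an error in the response, if that is the intent. Two smaller points in the same hunk: the `m.receipt` bullet implies that receipts for other room IDs in the same EDU are still processed, which should be spelled out; and the text should say whether `m.typing` and `m.receipt` are the complete set of "EDUs that are local to a specific room" or examples, so that implementers know how to treat other room-scoped EDU types. Style: "Additionally the" should read "Additionally, the".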