Add authenticated media (MSC3916) (#1858)
* C2S: Deprecate now-legacy endpoints * C2S: Fix MXC URI code block while we're here * C2S: Describe the authentication and deprecation requirements * C2S: Intro the upload/download endpoints differently * C2S: Literally copy/paste the `content-repo.yaml` spec * C2S: Drop `/upload` and `/create` because we aren't replacing them today * C2S: Fix notes while we're here * C2S: Update metadata for new endpoints * C2S: Add authentication to new endpoints * C2S: Drop `allow_remote` and `allow_redirect` on new endpoints * C2S: Append backwards compatibility notes * C2S: Decorate old media endpoints with pointers to the new ones The server-server spec might have a harder time linking to these, but that can be fixed with verbiage. * C2S: Annotate IdP icon spec with media auth implications * S2S: Modernize section text * S2S: Create content repository API This is largely a copy/paste of the new authed content repo API in the Client-Server API, though some keywords (like "client") have been changed. Paths and response formats have also been changed to support the federation-specific requirements. * C2S & S2S: Add plethora of changelogs * Reference RFC 1341 * Upgrade keywords in changed text * Mention caching * Cross-reference IdP icons * Update content/client-server-api/modules/content_repo.md
This commit is contained in:
Travis Ralston
GitHub
parent
4a280bcd87
commit
7a51ae879c
19 changed files with 967 additions and 15 deletions
|
|
@ -1196,15 +1196,26 @@ using the following EDU:
|
|||
|
||||
Attachments to events (images, files, etc) are uploaded to a homeserver
|
||||
via the Content Repository described in the [Client-Server
|
||||
API](/client-server-api). When a server wishes
|
||||
API](/client-server-api/#content-repository). When a server wishes
|
||||
to serve content originating from a remote server, it needs to ask the
|
||||
remote server for the media.
|
||||
|
||||
Servers should use the server described in the Matrix Content URI, which
|
||||
has the format `mxc://{ServerName}/{MediaID}`. Servers should use the
|
||||
download endpoint described in the [Client-Server
|
||||
API](/client-server-api), being sure to use
|
||||
the `allow_remote` parameter (set to `false`).
|
||||
Servers MUST use the server described in the [Matrix Content URI](/client-server-api/#matrix-content-mxc-uris).
|
||||
Formatted as `mxc://{ServerName}/{MediaID}`, servers MUST download the media from
|
||||
`ServerName` using the below endpoints.
|
||||
|
||||
{{% boxes/added-in-paragraph %}}
|
||||
{{< changed-in v="1.11" >}} Servers were previously advised to use the `/_matrix/media/*`
|
||||
endpoints described by the [Content Repository module in the Client-Server API](/client-server-api/#content-repository),
|
||||
however, those endpoints have been deprecated. New endpoints are introduced which
|
||||
require authentication. Naturally, as a server is not a user, they cannot provide
|
||||
the required access token to those endpoints. Instead, servers MUST try the endpoints
|
||||
described below before falling back to the deprecated `/_matrix/media/*` endpoints
|
||||
when they receive a `404 M_UNRECOGNIZED` error. When falling back, servers MUST
|
||||
be sure to set `allow_remote` to `false`.
|
||||
{{% /boxes/added-in-paragraph %}}
|
||||
|
||||
{{% http-api spec="server-server" api="content_repository" %}}
|
||||
|
||||
## Server Access Control Lists (ACLs)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue