From b662a33081eaf894acf389721d0731cbbbf80f44 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Mon, 4 Nov 2019 15:47:25 -0700
Subject: [PATCH 1/2] Recommend that clients don't preview URLs in encrypted
 rooms

Any stronger of a recommendation would probably require a MSC due to the behaviour change.

Fixes https://github.com/matrix-org/matrix-doc/issues/2120
---
 api/client-server/content-repo.yaml                       | 8 ++++++++
 changelogs/client_server/newsfragments/2343.clarification | 1 +
 2 files changed, 9 insertions(+)
 create mode 100644 changelogs/client_server/newsfragments/2343.clarification

diff --git a/api/client-server/content-repo.yaml b/api/client-server/content-repo.yaml
index a9a0c2f6..577e63b8 100644
--- a/api/client-server/content-repo.yaml
+++ b/api/client-server/content-repo.yaml
@@ -340,6 +340,14 @@ paths:
   "/preview_url":
     get:
       summary: "Get information about a URL for a client"
+      description: |-
+        Get information about a URL for the client. Typically this is called when a
+        client sees a URL in a message and wants to render a preview for the user.
+
+        .. Note::
+          Clients should consider avoiding this endpoint for URLs posted in encrypted
+          rooms.
+
       operationId: getUrlPreview
       produces: ["application/json"]
       security:
diff --git a/changelogs/client_server/newsfragments/2343.clarification b/changelogs/client_server/newsfragments/2343.clarification
new file mode 100644
index 00000000..5b16858b
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2343.clarification
@@ -0,0 +1 @@
+Clarify that clients should consider not requesting URL previews in encrypted rooms.

From f012da17a164165c1f7b91dc13f507835e1a44be Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Tue, 5 Nov 2019 16:00:55 -0700
Subject: [PATCH 2/2] Explain why e2e previews are bad

---
 api/client-server/content-repo.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/client-server/content-repo.yaml b/api/client-server/content-repo.yaml
index 577e63b8..d596dbda 100644
--- a/api/client-server/content-repo.yaml
+++ b/api/client-server/content-repo.yaml
@@ -346,7 +346,9 @@ paths:
 
         .. Note::
           Clients should consider avoiding this endpoint for URLs posted in encrypted
-          rooms.
+          rooms. Encrypted rooms often contain more sensitive information the users
+          do not want to share with the homeserver, and this can mean that the URLs
+          being shared should also not be shared with the homeserver.
 
       operationId: getUrlPreview
       produces: ["application/json"]