MSC3550: Allow HTTP 403 as a response to profile lookups (#3550 )

* add 403 proposal

* add msc number to file and filename

* correctly use markdown

* requested changes

* add links

* specify error code

* Update proposals/3550-allow-403-response-profile-lookup.md

Co-authored-by: Travis Ralston <travisr@matrix.org>

* fix formatting typo

Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

2021-12-26 12:01:43 -07:00

1.5 KiB

Raw Blame History

MSC3550: Add HTTP 403 to possible profile lookup responses

Background

In the current spec, the only response codes listed for GET /_matrix/client/v3/profile/{userId} are 200 and 404. However, some servers may not allow profile lookup over federation, and thus respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403.

For example, Synapse can be configured to behave in this way by setting:

allow_profile_lookup_over_federation=false

Thus, this behavior already exists in Synapse, and may cause issues for clients such as vector-im/element-web#17269.

Proposal

The proposal is to allow HTTP 403 as an option for responding to GET /_matrix/client/v3/profile/{userId} requests. Allowing HTTP 403 gives clients more specific information as to why a request has failed, thus enabling more precise error handling. The 403 would be accompanied by an M_FORBIDDEN error code.

Potential Issues

The change to the spec may conflict with other existing server implementations.

Alternatives

The spec could remain as-is and Synapse could alter its current behavior and return an HTTP 404 rather than 403 in this case.

Security Considerations

None at this time.

1.5 KiB Raw Blame History