mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-14 11:57:44 +00:00
Disable device name lookup over federation by default (#12616)
This commit is contained in:
parent
ba3fd54bad
commit
332cce8dcf
5 changed files with 24 additions and 12 deletions
1
changelog.d/12616.misc
Normal file
1
changelog.d/12616.misc
Normal file
|
@ -0,0 +1 @@
|
|||
Prevent remote homeservers from requesting local user device names by default.
|
|
@ -709,11 +709,11 @@ retention:
|
|||
#
|
||||
#allow_profile_lookup_over_federation: false
|
||||
|
||||
# Uncomment to disable device display name lookup over federation. By default, the
|
||||
# Federation API allows other homeservers to obtain device display names of any user
|
||||
# on this homeserver. Defaults to 'true'.
|
||||
# Uncomment to allow device display name lookup over federation. By default, the
|
||||
# Federation API prevents other homeservers from obtaining the display names of
|
||||
# user devices on this homeserver. Defaults to 'false'.
|
||||
#
|
||||
#allow_device_name_lookup_over_federation: false
|
||||
#allow_device_name_lookup_over_federation: true
|
||||
|
||||
|
||||
## Caching ##
|
||||
|
|
|
@ -89,6 +89,17 @@ process, for example:
|
|||
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
|
||||
```
|
||||
|
||||
# Upgrading to v1.59.0
|
||||
|
||||
## Device name lookup over federation has been disabled by default
|
||||
|
||||
The names of user devices are no longer visible to users on other homeservers by default.
|
||||
Device IDs are unaffected, as these are necessary to facilitate end-to-end encryption.
|
||||
|
||||
To re-enable this functionality, set the
|
||||
[`allow_device_name_lookup_over_federation`](https://matrix-org.github.io/synapse/v1.59/usage/configuration/config_documentation.html#federation)
|
||||
homeserver config option to `true`.
|
||||
|
||||
# Upgrading to v1.58.0
|
||||
|
||||
## Groups/communities feature has been disabled by default
|
||||
|
|
|
@ -1035,13 +1035,13 @@ allow_profile_lookup_over_federation: false
|
|||
---
|
||||
Config option: `allow_device_name_lookup_over_federation`
|
||||
|
||||
Set this option to false to disable device display name lookup over federation. By default, the
|
||||
Federation API allows other homeservers to obtain device display names of any user
|
||||
Set this option to true to allow device display name lookup over federation. By default, the
|
||||
Federation API prevents other homeservers from obtaining the display names of any user devices
|
||||
on this homeserver.
|
||||
|
||||
Example configuration:
|
||||
```yaml
|
||||
allow_device_name_lookup_over_federation: false
|
||||
allow_device_name_lookup_over_federation: true
|
||||
```
|
||||
---
|
||||
## Caching ##
|
||||
|
|
|
@ -46,7 +46,7 @@ class FederationConfig(Config):
|
|||
)
|
||||
|
||||
self.allow_device_name_lookup_over_federation = config.get(
|
||||
"allow_device_name_lookup_over_federation", True
|
||||
"allow_device_name_lookup_over_federation", False
|
||||
)
|
||||
|
||||
def generate_config_section(self, **kwargs: Any) -> str:
|
||||
|
@ -81,11 +81,11 @@ class FederationConfig(Config):
|
|||
#
|
||||
#allow_profile_lookup_over_federation: false
|
||||
|
||||
# Uncomment to disable device display name lookup over federation. By default, the
|
||||
# Federation API allows other homeservers to obtain device display names of any user
|
||||
# on this homeserver. Defaults to 'true'.
|
||||
# Uncomment to allow device display name lookup over federation. By default, the
|
||||
# Federation API prevents other homeservers from obtaining the display names of
|
||||
# user devices on this homeserver. Defaults to 'false'.
|
||||
#
|
||||
#allow_device_name_lookup_over_federation: false
|
||||
#allow_device_name_lookup_over_federation: true
|
||||
"""
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue