mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-24 18:45:52 +03:00
deploy: 20fc9fcc33
This commit is contained in:
parent
e4ab848927
commit
a0daa3596c
4 changed files with 52 additions and 2 deletions
|
@ -5445,6 +5445,31 @@ into fewer transactions. Defaults to 50.</p>
|
|||
unauthenticated media endpoints (<code>/_matrix/media/(r0|v3|v1)/download</code> and <code>/_matrix/media/(r0|v3|v1)/thumbnail</code>) - requests for authenticated media over these endpoints will result in a 404. All media, including authenticated media, will be available over the authenticated media endpoints <code>_matrix/client/v1/media/download</code> and <code>_matrix/client/v1/media/thumbnail</code>. Media uploaded prior to setting this option to true will still be available over the legacy endpoints. Note if the setting is switched to false
|
||||
after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to false, but
|
||||
this will change to true in a future Synapse release.</p>
|
||||
<p>In all cases, authenticated requests to download media will succeed, but for unauthenticated requests, this
|
||||
case-by-case breakdown describes whether media downloads are permitted:</p>
|
||||
<ul>
|
||||
<li><code>enable_authenticated_media = False</code>:
|
||||
<ul>
|
||||
<li>unauthenticated client or homeserver requesting local media: allowed</li>
|
||||
<li>unauthenticated client or homeserver requesting remote media: allowed as long as the media is in the cache,
|
||||
or as long as the remote homeserver does not require authentication to retrieve the media</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><code>enable_authenticated_media = True</code>:
|
||||
<ul>
|
||||
<li>unauthenticated client or homeserver requesting local media:
|
||||
allowed if the media was stored on the server whilst <code>enable_authenticated_media</code> was <code>False</code> (or in a previous Synapse version where this option did not exist);
|
||||
otherwise denied.</li>
|
||||
<li>unauthenticated client or homeserver requesting remote media: the same as for local media;
|
||||
allowed if the media was stored on the server whilst <code>enable_authenticated_media</code> was <code>False</code> (or in a previous Synapse version where this option did not exist);
|
||||
otherwise denied.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<p>It is especially notable that media downloaded before this option existed (in older Synapse versions), or whilst this option was set to <code>False</code>,
|
||||
will perpetually be available over the legacy, unauthenticated endpoint, even after this option is set to <code>True</code>.
|
||||
This is for backwards compatibility with older clients and homeservers that do not yet support requesting authenticated media;
|
||||
those older clients or homeservers will not be cut off from media they can already see.</p>
|
||||
<p>Example configuration:</p>
|
||||
<pre><code class="language-yaml">enable_authenticated_media: true
|
||||
</code></pre>
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1780,6 +1780,31 @@ into fewer transactions. Defaults to 50.</p>
|
|||
unauthenticated media endpoints (<code>/_matrix/media/(r0|v3|v1)/download</code> and <code>/_matrix/media/(r0|v3|v1)/thumbnail</code>) - requests for authenticated media over these endpoints will result in a 404. All media, including authenticated media, will be available over the authenticated media endpoints <code>_matrix/client/v1/media/download</code> and <code>_matrix/client/v1/media/thumbnail</code>. Media uploaded prior to setting this option to true will still be available over the legacy endpoints. Note if the setting is switched to false
|
||||
after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to false, but
|
||||
this will change to true in a future Synapse release.</p>
|
||||
<p>In all cases, authenticated requests to download media will succeed, but for unauthenticated requests, this
|
||||
case-by-case breakdown describes whether media downloads are permitted:</p>
|
||||
<ul>
|
||||
<li><code>enable_authenticated_media = False</code>:
|
||||
<ul>
|
||||
<li>unauthenticated client or homeserver requesting local media: allowed</li>
|
||||
<li>unauthenticated client or homeserver requesting remote media: allowed as long as the media is in the cache,
|
||||
or as long as the remote homeserver does not require authentication to retrieve the media</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><code>enable_authenticated_media = True</code>:
|
||||
<ul>
|
||||
<li>unauthenticated client or homeserver requesting local media:
|
||||
allowed if the media was stored on the server whilst <code>enable_authenticated_media</code> was <code>False</code> (or in a previous Synapse version where this option did not exist);
|
||||
otherwise denied.</li>
|
||||
<li>unauthenticated client or homeserver requesting remote media: the same as for local media;
|
||||
allowed if the media was stored on the server whilst <code>enable_authenticated_media</code> was <code>False</code> (or in a previous Synapse version where this option did not exist);
|
||||
otherwise denied.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<p>It is especially notable that media downloaded before this option existed (in older Synapse versions), or whilst this option was set to <code>False</code>,
|
||||
will perpetually be available over the legacy, unauthenticated endpoint, even after this option is set to <code>True</code>.
|
||||
This is for backwards compatibility with older clients and homeservers that do not yet support requesting authenticated media;
|
||||
those older clients or homeservers will not be cut off from media they can already see.</p>
|
||||
<p>Example configuration:</p>
|
||||
<pre><code class="language-yaml">enable_authenticated_media: true
|
||||
</code></pre>
|
||||
|
|
Loading…
Reference in a new issue