diff options
| author | Shay <hillerys@element.io> | 2023-08-03 11:43:51 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-03 11:43:51 -0700 |
| commit | 0a5f4f766514b84aff84ff17dffd5301a437c797 (patch) | |
| tree | a7909bcb2d741ba0fb4d9787ae633d974c64add5 /docs | |
| parent | Allow config of the backoff algorithm for the federation client. (#15754) (diff) | |
| download | synapse-0a5f4f766514b84aff84ff17dffd5301a437c797.tar.xz | |
Move support for application service query parameter authorization behind a configuration option (#16017)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/upgrade.md | 16 | ||||
| -rw-r--r-- | docs/usage/configuration/config_documentation.md | 14 |
2 files changed, 29 insertions, 1 deletions
diff --git a/docs/upgrade.md b/docs/upgrade.md index 5dde6c769e..f50a279e98 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -88,6 +88,21 @@ process, for example: dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb ``` +# Upgrading to v1.90.0 + +## App service query parameter authorization is now a configuration option + +Synapse v1.81.0 deprecated application service authorization via query parameters as this is +considered insecure - and from Synapse v1.71.0 forwards the application service token has also been sent via +[the `Authorization` header](https://spec.matrix.org/v1.6/application-service-api/#authorization)], making the insecure +query parameter authorization redundant. Since removing the ability to continue to use query parameters could break +backwards compatibility it has now been put behind a configuration option, `use_appservice_legacy_authorization`. +This option defaults to false, but can be activated by adding +```yaml +use_appservice_legacy_authorization: true +``` +to your configuration. + # Upgrading to v1.89.0 ## Removal of unspecced `user` property for `/register` @@ -97,7 +112,6 @@ The standard `username` property should be used instead. See the [Application Service specification](https://spec.matrix.org/v1.7/application-service-api/#server-admin-style-permissions) for more information. - # Upgrading to v1.88.0 ## Minimum supported Python version diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index c32608da2b..2987c9332d 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -2849,6 +2849,20 @@ Example configuration: track_appservice_user_ips: true ``` --- +### `use_appservice_legacy_authorization` + +Whether to send the application service access tokens via the `access_token` query parameter +per older versions of the Matrix specification. Defaults to false. Set to true to enable sending +access tokens via a query parameter. + +**Enabling this option is considered insecure and is not recommended. ** + +Example configuration: +```yaml +use_appservice_legacy_authorization: true +``` + +--- ### `macaroon_secret_key` A secret which is used to sign |