diff options
| author | AndrewFerr <AndrewFerr@users.noreply.github.com> | 2021-02-19 04:50:41 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-19 09:50:41 +0000 |
| commit | 9bc74743d53f4795b8bbd674d2945962a9bb29f9 (patch) | |
| tree | 049e203bcb3dcb84b16345a4ba885b72521e63e1 /synapse/config | |
| parent | Merge branch 'master' into develop (diff) | |
| download | synapse-9bc74743d53f4795b8bbd674d2945962a9bb29f9.tar.xz | |
Add configs to make profile data more private (#9203)
Add off-by-default configuration settings to: - disable putting an invitee's profile info in invite events - disable profile lookup via federation Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
Diffstat (limited to 'synapse/config')
| -rw-r--r-- | synapse/config/federation.py | 10 | ||||
| -rw-r--r-- | synapse/config/server.py | 14 |
2 files changed, 24 insertions, 0 deletions
diff --git a/synapse/config/federation.py b/synapse/config/federation.py index 9f3c57e6a1..55e4db5442 100644 --- a/synapse/config/federation.py +++ b/synapse/config/federation.py @@ -41,6 +41,10 @@ class FederationConfig(Config): ) self.federation_metrics_domains = set(federation_metrics_domains) + self.allow_profile_lookup_over_federation = config.get( + "allow_profile_lookup_over_federation", True + ) + def generate_config_section(self, config_dir_path, server_name, **kwargs): return """\ ## Federation ## @@ -66,6 +70,12 @@ class FederationConfig(Config): #federation_metrics_domains: # - matrix.org # - example.com + + # Uncomment to disable profile lookup over federation. By default, the + # Federation API allows other homeservers to obtain profile data of any user + # on this homeserver. Defaults to 'true'. + # + #allow_profile_lookup_over_federation: false """ diff --git a/synapse/config/server.py b/synapse/config/server.py index 6f3325ff81..0bfd4398e2 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -263,6 +263,12 @@ class ServerConfig(Config): False, ) + # Whether to retrieve and display profile data for a user when they + # are invited to a room + self.include_profile_data_on_invite = config.get( + "include_profile_data_on_invite", True + ) + if "restrict_public_rooms_to_local_users" in config and ( "allow_public_rooms_without_auth" in config or "allow_public_rooms_over_federation" in config @@ -848,6 +854,14 @@ class ServerConfig(Config): # #limit_profile_requests_to_users_who_share_rooms: true + # Uncomment to prevent a user's profile data from being retrieved and + # displayed in a room until they have joined it. By default, a user's + # profile data is included in an invite event, regardless of the values + # of the above two settings, and whether or not the users share a server. + # Defaults to 'true'. + # + #include_profile_data_on_invite: false + # If set to 'true', removes the need for authentication to access the server's # public rooms directory through the client API, meaning that anyone can # query the room directory. Defaults to 'false'. |