summary refs log tree commit diff
path: root/synapse/http
diff options
context:
space:
mode:
authorJan Christian Grünhage <jan.christian@gruenhage.xyz>2022-04-19 17:23:53 +0200
committerGitHub <noreply@github.com>2022-04-19 16:23:53 +0100
commita1f87f57ff7b5971e0e3450ec7761cf8dc4e01d1 (patch)
treed007615f60a8399b9983993795c0e56435797baf /synapse/http
parentFix a link in `README.rst` (#12495) (diff)
downloadsynapse-a1f87f57ff7b5971e0e3450ec7761cf8dc4e01d1.tar.xz
Implement MSC3383: include destination in X-Matrix auth header (#11398)
Co-authored-by: Jan Christian Grünhage <jan.christian@gruenhage.xyz>
Co-authored-by: Marcus Hoffmann <bubu@bubu1.eu>
Diffstat (limited to 'synapse/http')
-rw-r--r--synapse/http/matrixfederationclient.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
index 5097b3ca57..e686445955 100644
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -704,6 +704,9 @@ class MatrixFederationHttpClient:
         Returns:
             A list of headers to be added as "Authorization:" headers
         """
+        if destination is None and destination_is is None:
+            raise ValueError("destination and destination_is cannot both be None!")
+
         request: JsonDict = {
             "method": method.decode("ascii"),
             "uri": url_bytes.decode("ascii"),
@@ -726,8 +729,13 @@ class MatrixFederationHttpClient:
         for key, sig in request["signatures"][self.server_name].items():
             auth_headers.append(
                 (
-                    'X-Matrix origin=%s,key="%s",sig="%s"'
-                    % (self.server_name, key, sig)
+                    'X-Matrix origin=%s,key="%s",sig="%s",destination="%s"'
+                    % (
+                        self.server_name,
+                        key,
+                        sig,
+                        request.get("destination") or request["destination_is"],
+                    )
                 ).encode("ascii")
             )
         return auth_headers