Clarify exact rules for encoding federation URLs #849
Labels:
- A-S2S: Server-to-Server API (federation)
- clarification: An area where the expected behaviour is understood, but the spec could do with being more explicit

The spec seemingly doesn't specify exactly what the rules should be for URL-encoding federation URLs.
Synapse seems to query-encode both path and query elements. Dendrite path-encodes path elements and query-encodes query elements.
There is conflicting guidance in the below RFCs:
- https://datatracker.ietf.org/doc/html/rfc3986 (Uniform Resource Identifier (URI): Generic Syntax)
- https://datatracker.ietf.org/doc/html/rfc1738 (Uniform Resource Locators (URL))
- https://datatracker.ietf.org/doc/html/rfc1630 (Universal Resource Identifiers in WWW)

(In addition, the CS API refers to `encodeURIComponent` in one of the examples — a JavaScript function which, according to Mozilla, seems to half-implement RFC3986 but doesn't handle `!'()*`.)

This matters especially for federation because the request path is included in the `Authorization: X-Matrix` signature and it makes it very hard to deconstruct and reconstruct these URLs (e.g. in the Low Bandwidth work) without breaking the signatures.
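
The signature breakage described in this issue, as an added example that is not part of the original issue and not code from Synapse or Dendrite: Go's `url.PathEscape` and `url.QueryEscape` stand in for "path-encoding" and "query-encoding" a path element, and a relay decodes and rebuilds the signed path. The event ID, the endpoint prefix, the relay model and the simplified `"METHOD URI"` signing payload are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"net/url"
)

const prefix = "/_matrix/federation/v1/event/"
const eventID = "$event+id:example.org" // constructed sample identifier

type escaper func(string) string

// buildURI escapes one path element and appends it to the endpoint prefix.
func buildURI(esc escaper, id string) string { return prefix + esc(id) }

// reencode models a relay that decodes the path element and rebuilds
// the URI with its own escaper before forwarding the request.
func reencode(uri string, esc escaper) (string, error) {
	id, err := url.PathUnescape(uri[len(prefix):])
	if err != nil {
		return "", err
	}
	return buildURI(esc, id), nil
}

// survives reports whether a signature made over the sender's URI still
// verifies against the URI the relay reconstructed. The signed payload is
// simplified to "METHOD URI" (assumption, not the spec's signing format).
func survives(sender, relay escaper) bool {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	sent := buildURI(sender, eventID)
	sig := ed25519.Sign(priv, []byte("GET "+sent))
	rebuilt, err := reencode(sent, relay)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, []byte("GET "+rebuilt), sig)
}

func main() {
	fmt.Println("path-escaped: ", buildURI(url.PathEscape, eventID))
	fmt.Println("query-escaped:", buildURI(url.QueryEscape, eventID))
	fmt.Println("same encoder survives: ", survives(url.QueryEscape, url.QueryEscape))
	fmt.Println("mixed encoders survive:", survives(url.QueryEscape, url.PathEscape))
}
```

Both encodings decode to the same identifier, so the request still routes correctly after the relay; only the byte-for-byte signed string differs, which is why the failure shows up as a signature rejection rather than a lookup error.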