Decentralized reporting requires the reporter to either be in the management room or config.acceptInvitesFromSpace.
#475
Labels
T-Other
Questions, user support, anything else
Comments
2 tasks
turt2live
changed the title
config.acceptInvitesFromSpace.config.acceptInvitesFromSpace.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The way room moderator reporting currently seems to work is that the same user is used to relay reports to the management room as is used by Mjolnir to protect rooms. A reporter invites the mjolnir user to a DM in order to send the report, which mjolnir will only accept if the reporter is in the management room or the space specified in
config.acceptInvitesFromSpace.For report-to-moderator to work properly, you'd expect that anyone could invite the relay bot, but this can't be allowed when the same user is being used as the protection and relay roles, not only because accepting any invite is an abuse vector, but also because it conflicts with
config.protectAllJoinedRooms. Anyone would be able to use your Mjolnir to protect their rooms just by inviting it.The text was updated successfully, but these errors were encountered: