matrix-org · richvdh · Oct 7, 2024 · Jun 12, 2024 · Jun 12, 2024 · Oct 7, 2024
@@ -0,0 +1 @@
+Add 403 responses on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
@@ -0,0 +1 @@
+Add 403 response on `/query/profile` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
@@ -2753,7 +2753,25 @@ re-invited.
 
 {{% http-api spec="client-server" api="profile" %}}
 
-#### Events on Change of Profile Information
+#### Server behaviour
+
+Homeservers MUST at a minimum allow profile look-up for:
+
+-   users that share a room with the requesting user
+-   users that reside in public rooms known to the homeserver
+
+In all other cases, homeservers MAY deny profile look-up by responding with
+403 and an error code of `M_FORBIDDEN`.
+
+When a remote user is queried and the query is not denied per the above,
+homeservers SHOULD query the remote server for the user's profile information.
+The remote server MAY itself deny profile queries over federation, however.
+
+When the requested user does not exist, homeservers MAY choose whether to
+respond with 403 or 404. If the server denies profile look-up in all but the
+required cases, 403 is RECOMMENDED.
+
+##### Events on Change of Profile Information
 
 Because the profile display name and avatar information are likely to be
 used in many places of a client's display, changes to these fields cause

@@ -98,6 +98,20 @@ paths:
                   value: {
                     "displayname": "Alice Margatroid"
                   }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has a display name.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
         "404":
           description: There is no display name for this user or this user does not exist.
       tags:
@@ -185,6 +199,20 @@ paths:
                   value: {
                     "avatar_url": "mxc://matrix.org/SDGdghriugerRg"
                   }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has an avatar URL.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup is disabled on this homeserver"
+                  }
         "404":
           description: There is no avatar URL for this user or this user does not exist.
       tags:
@@ -239,7 +267,7 @@ paths:
                 response:
                   value: {
                     "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup over federation is disabled on this homeserver"
+                    "error": "Profile lookup is disabled on this homeserver"
                   }
         "404":
           description: There is no profile information for this user or this user does not

@@ -117,6 +117,9 @@ paths:
 
         Servers may wish to cache the response to this query to avoid requesting the
         information too often.
+
+        Servers MAY deny profile look-up over federation by responding with 403 and an
+        error code of `M_FORBIDDEN`.
       operationId: queryProfile
       security:
         - signedRequest: []
@@ -172,6 +175,20 @@ paths:
                     "displayname": "John Doe",
                     "avatar_url": "mxc://matrix.org/MyC00lAvatar"
                   }
+        "403":
+          x-addedInMatrixVersion: "1.12"
+          description: The server is unwilling to disclose whether the user exists and/or
+            has profile information.
+          content:
+            application/json:
+              schema:
+                $ref: ../client-server/definitions/errors/error.yaml
+              examples:
+                response:
+                  value: {
+                    "errcode": "M_FORBIDDEN",
+                    "error": "Profile lookup over federation is disabled on this homeserver"
+                  }
         "404":
           description: The user does not exist or does not have a profile.
           content: