Skip to content

Commit

Permalink
Include . and ~ in allowed characters for registration tokens
Browse files Browse the repository at this point in the history 
For consistency with the unreserved URL characters in RFC3986

https://www.ietf.org/rfc/rfc3986.html#section-2.3

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
  • Loading branch information
@govynnus @richvdh
govynnus and richvdh authored Sep 22, 2021
1 parent 5eb8a8b commit 79939f9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion proposals/3231-token-authenticated-registration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ endpoint uses the [User-Interactive Authentication API](https://matrix.org/docs/
A new authentication type `m.login.registration_token` will be defined which requires
a `token` key to be present in the submitted `auth` dict. The token will be a
string of no more than 64 characters, and contain only characters matched by the
regex `[A-Za-z0-9-_]`.
regex `[A-Za-z0-9._~-]`.
This will avoid URL encoding issues with the validity checking endpoint, and
prevent DoS attacks from extremely long tokens.

Expand Down

0 comments on commit 79939f9

Please sign in to comment.