Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (SYN-102) #1232

Closed
matrixbot opened this issue Oct 14, 2014 · 2 comments
Closed

Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (SYN-102) #1232

matrixbot opened this issue Oct 14, 2014 · 2 comments
Labels
A-Federation z-feature (Deprecated Label)

Comments

@matrixbot
Copy link
Member

We need to check that the "origin" in the transaction JSON matches the "origin" in the HTTP signature. Otherwise servers will be able to spoof other servers.

(Imported from https://matrix.org/jira/browse/SYN-102)

(Reported by @NegativeMjark)
@matrixbot
Copy link
Member Author

Jira watchers: @NegativeMjark

@matrixbot matrixbot changed the title Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (SYN-102) Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (https://github.com/matrix-org/synapse/issues/1232) Nov 7, 2016
@matrixbot matrixbot changed the title Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (https://github.com/matrix-org/synapse/issues/1232) Check that the "origin" in the transaction JSON matches the X-Matrix authorization origin. (SYN-102) Nov 7, 2016
@richvdh
Copy link
Member

richvdh commented Oct 8, 2019

transaction.origin is unused and should die, as per #3816

@richvdh richvdh closed this as completed Oct 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
A-Federation z-feature (Deprecated Label)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@richvdh @matrixbot