Patrick Cloke
Patrick Cloke
> @squahtx you already have "special" handling for bits of Twitter: [`develop`/synapse/res/providers.json](https://github.com/matrix-org/synapse/blob/develop/synapse/res/providers.json?rgh-link-date=2022-10-06T12%3A35%3A05Z) - in theory adding all of Twitter to that whitelist would resolve this. That file is essentially unused...
> We _should_ be preferring this, see: Ah, I see what's going on -- Twitter doesn't have oEmbed autodiscovery enabled, so we are *only* scraping the HTML in this case....
I downgraded to tolerable since you can easily click the link being previewed, and uncommon since I think this is an odd example where a URL was given as the...
> > ``` > > * add a changelog entry > > * a comment with your sign-off > > ``` > > How do you perform these steps using...
We should probably do something like `UserID.is_valid(event.sender)` before trying to call `get_domain_from_id` on it.
As of today, the correct behavior should be applied, but only for `m.room.message` events. How are you requesting the event?
> Via the sync API. Bundled aggregations are only returned if the result is `limited`, see [here](https://spec.matrix.org/latest/client-server-api/#server-side-replacement-of-content): > Whenever an `m.replace` is to be bundled with an event as above,...
This case is a little more complicated, the data is coming from an oEmbed URL, which returns something like: ```json { "success": true, "type": "rich", "version": "1.0", "provider_name": "FooBar", "provider_url":...
At the very least it sounds like the oEmbed code needs some additional validation near: https://github.com/matrix-org/synapse/blob/15ffc4143c36593bc3d899fad7fb5db00f4d95ea/synapse/rest/media/v1/oembed.py#L170-L172 It might be worth checking briefly if other sites do this? Otherwise I'd be...