Changes between Initial Version and Version 1 of Ticket #15879, comment 3


Timestamp:
01/28/14 14:42:54 (5 years ago)
Author:
datallah
  • Ticket #15879, comment 3

    initial v1  
    22In [93d4bff19574], a security fix was made which changed the behavior so that all stanzas responses' "from" attribute should match the "to" attribute the stanza was sent to.
    33
    4 However, the implementation is not correct - we don't cover (b) in http://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-from-c2s:
     4However, the implementation is not correct - we don't cover case 2 in http://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-from-c2s:
    55{{{
    6 When the server generates a stanza from the server for delivery to the client on behalf of the account of the connected client (e.g., in the context of data storage services provided by the server on behalf of the client), the stanza MUST either (a) not include a 'from' attribute or (b) include a 'from' attribute whose value is the account's bare JID (<localpart@domainpart>).
     62. When the server generates a stanza on its own behalf for delivery to the client from the server itself, the stanza MUST include a 'from' attribute whose value is the bare JID (i.e., <domainpart>) of the server as agreed upon during stream negotiation (e.g., based on the 'to' attribute of the initial stream header).
    77}}}
    88