From 5bb62db222228f6a4647eb33c52e7d6d5980efbb Mon Sep 17 00:00:00 2001 From: Jared Vititoe Date: Sat, 18 Apr 2026 12:54:43 -0400 Subject: [PATCH] =?UTF-8?q?Fix=20ToS=20consent=20enforcement=20=E2=80=94?= =?UTF-8?q?=20disable=20require=5Fat=5Fregistration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously require_at_registration=true caused Cinny to silently complete the m.login.terms UIA step during registration (~34ms), meaning users were auto-consented without ever seeing the ToS page. Setting require_at_registration=false removes the UIA step from registration. New users start with NULL consent and are blocked by block_events_error on first message send. Synapse sends a Server Notice DM with the /_matrix/consent URL, which they must explicitly visit and submit before messaging is unblocked. Co-Authored-By: Claude Sonnet 4.6 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9c571f5..518faff 100644 --- a/README.md +++ b/README.md @@ -438,6 +438,7 @@ Periodic `TLS/TCP socket error: Connection reset by peer` in coturn logs. Normal - [x] SSO/OIDC via Authelia - [x] `allow_existing_users: true` for linking accounts to SSO - [x] Password auth alongside SSO +- [x] Terms of Service / consent enforcement — `require_at_registration: false`, `block_events_error` set; new users cannot send messages until they explicitly accept via `/_matrix/consent`; Synapse sends a Server Notice DM with the consent URL on first blocked send ### Webhooks & Integrations - [x] matrix-hookshot 7.3.2 — 11 active webhook services