Fix ToS consent enforcement — disable require_at_registration
Lint / Shell (shellcheck) (push) Successful in 16s
Lint / JS (eslint) (push) Successful in 7s

Previously require_at_registration=true caused Cinny to silently complete
the m.login.terms UIA step during registration (~34ms), meaning users were
auto-consented without ever seeing the ToS page.

Setting require_at_registration=false removes the UIA step from registration.
New users start with NULL consent and are blocked by block_events_error on
first message send. Synapse sends a Server Notice DM with the /_matrix/consent
URL, which they must explicitly visit and submit before messaging is unblocked.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-18 12:54:43 -04:00
parent 08651fcbda
commit 5bb62db222
+1
@@ -438,6 +438,7 @@ Periodic `TLS/TCP socket error: Connection reset by peer` in coturn logs. Normal
- [x] SSO/OIDC via Authelia - [x] SSO/OIDC via Authelia
- [x] `allow_existing_users: true` for linking accounts to SSO - [x] `allow_existing_users: true` for linking accounts to SSO
- [x] Password auth alongside SSO - [x] Password auth alongside SSO
- [x] Terms of Service / consent enforcement — `require_at_registration: false`, `block_events_error` set; new users cannot send messages until they explicitly accept via `/_matrix/consent`; Synapse sends a Server Notice DM with the consent URL on first blocked send
### Webhooks & Integrations ### Webhooks & Integrations
- [x] matrix-hookshot 7.3.2 — 11 active webhook services - [x] matrix-hookshot 7.3.2 — 11 active webhook services
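
Review bot: The added checklist line records `require_at_registration: false` but not why it has to stay false. The commit message gives the reason (Cinny completes the `m.login.terms` UIA step silently, so users are consented without seeing the ToS), and without it in the checklist someone can re-enable the setting later and quietly reintroduce auto-consent. Add a short clause to that line, for example "must stay false: Cinny auto-completes m.login.terms". The diff shown here is this single documentation line (+1), so the setting change itself is not visible in this commit. Point to where the Synapse config change was made, or include it, so the checklist can be checked against the deployed config.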