Merge pull request #3494 from FSG-Cat/authenticated-media

Authenticated Media Configuration options
This commit is contained in:
Slavi Pantaleev 2024-08-23 20:22:43 +03:00 committed by GitHub
commit bc7ef40019
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 12 additions and 0 deletions

View File

@ -981,6 +981,11 @@ matrix_synapse_workers_media_repository_workers_container_arguments: []
# Adjusting this value manually is generally not necessary.
matrix_synapse_enable_media_repo: "{{ not matrix_synapse_ext_media_repo_enabled and (not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0)) }}"
# matrix_synapse_enable_authenticated_media controls if authenticated media is enabled. If enabled all "old" media remains accessible over the legacy endpoints but new media is blocked.
# while this option is enabled all media access and downloads have to be done via authenticated endpoints.
# FIX_ME_WHEN_DEFAULT_TRUE: This option is going to become set to default true in Synapse at a later date.
matrix_synapse_enable_authenticated_media: false
# matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
# `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository.
# Multiple `media_repository` workers may be enabled. We always pick the first one as the background tasks worker.

View File

@ -1028,6 +1028,13 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_
#enable_media_repo: false
enable_media_repo: {{ matrix_synapse_enable_media_repo | to_json }}
# Enable authenticated media.
# enable_authenticated_media blocks access to new media from the legacy endpoints
# and freezes the unauthenticated media repo by blocking all downloads that are not using
# the new authenticated endpoints. If this option is turned off all media reverts to being considered "old"
enable_authenticated_media: {{ matrix_synapse_enable_authenticated_media | to_json }}
# Directory where uploaded images and attachments are stored.
#
media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}"