From 8fa644b7fbda436a99afbd7d5396caadf8c58c15 Mon Sep 17 00:00:00 2001
From: Johannes Marbach <n0-0ne+github@mailbox.org>
Date: Tue, 23 Jul 2024 13:00:43 +0200
Subject: [PATCH] Better differentiate requirements for CS and SS API

---
 proposals/4170-profile-403.md | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/proposals/4170-profile-403.md b/proposals/4170-profile-403.md
index f4e9792d916..7f7c06edf7a 100644
--- a/proposals/4170-profile-403.md
+++ b/proposals/4170-profile-403.md
@@ -50,17 +50,25 @@ by standardizing their 403 error response format and behaviour.
 
 ## Proposal
 
-Homeservers MUST allow profile look-up for local users that either share a room
-with the requester or reside in a public room known to the homeserver. Homeservers
-MAY deny profile look-up for local users in all other cases. If they do, they MUST
-respond with 403 `M_FORBIDDEN` on all endpoints that retrieve profile information.
+For the endpoints in the client-server API
 
-Additionally, homeservers SHOULD query remote servers for profiles if requested.
-Homeservers MAY disable profile look-up over federation. If they do, requests to
-`GET /_matrix/federation/v1/query/profile` MUST be replied to with 403 `M_FORBIDDEN`.
+- [`GET /_matrix/client/v3/profile/{userId}`]
+- [`GET /_matrix/client/v3/profile/{userId}/avatar_url`]
+- [`GET /_matrix/client/v3/profile/{userId}/displayname`]
+
+homeservers MUST at a minimum allow profile look-up for users that either share a room
+with the requester or reside in a public room known to the homeserver. In all other
+cases, homeservers MAY deny profile look-up by responding with 403 `M_FORBIDDEN`.
+
+If a remote user is queried through the client-server endpoints and the query is not
+denied per the preceding paragraph, homeservers SHOULD query the remote server for the
+user's profile information.
+
+Homeservers MAY disable profile look-up over federation by responding with 403 `M_FORBIDDEN`
+to [`GET /_matrix/federation/v1/query/profile`].
 
-Whenever profile look-up is disabled, the server's response MUST be 403 `M_FORBIDDEN`
-regardless of whether or not the user exists.
+Whenever profile look-up is disabled on any of the four endpoints, the server's
+response MUST be 403 `M_FORBIDDEN` regardless of whether the user exists or not.
 
 
 ## Potential issues