From 3b7fd8d2a3b4615fdcb896d5b91c7157fedf99ad Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Tue, 7 Dec 2021 13:13:01 -0800
Subject: [PATCH 1/8] add 403 proposal

---
 proposals/add_403.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 proposals/add_403.md

diff --git a/proposals/add_403.md b/proposals/add_403.md
new file mode 100644
index 00000000000..75d709c0240
--- /dev/null
+++ b/proposals/add_403.md
@@ -0,0 +1,30 @@
+#MSC: Add HTTP 403 to possible profile lookup responses
+
+#Background
+In the current spec, the only response codes listed for  GET /_matrix/client/v3/profile/{userId}
+are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
+respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403.
+
+For example, Synapse can be configured to behave in this way by setting:
+
+```
+allow_profile_lookup_over_federation=false
+```
+
+Thus, this behavior already exists in Synapse, and may cause issues for
+clients such as [vector-im/element-web#17269](https://github.com/vector-im/element-web/issues/17269).
+
+#Proposal
+The proposal is to allow HTTP 403 as an option for responding to  GET /_matrix/client/v3/profile/{userId}
+requests. Allowing HTTP 403 gives clients more specific information as to why a request has 
+failed, thus enabling more precise error handling.
+
+#Potential Issues
+The change to the spec may conflict with other existing server implementations.
+
+#Alternatives
+The spec could remain as-is and Synapse could alter its current behavior and return an HTTP 
+404 rather than 403 in this case. 
+
+#Security Considerations
+None at this time. 
\ No newline at end of file

From be18bea9c2493ec838790dfdb7083c02305f7be5 Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Tue, 7 Dec 2021 13:29:24 -0800
Subject: [PATCH 2/8] add msc number to file and filename

---
 .../{add_403.md => 3550-allow-403-response-profile-lookup.md}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename proposals/{add_403.md => 3550-allow-403-response-profile-lookup.md} (94%)

diff --git a/proposals/add_403.md b/proposals/3550-allow-403-response-profile-lookup.md
similarity index 94%
rename from proposals/add_403.md
rename to proposals/3550-allow-403-response-profile-lookup.md
index 75d709c0240..fcccd5c3c6f 100644
--- a/proposals/add_403.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -1,4 +1,4 @@
-#MSC: Add HTTP 403 to possible profile lookup responses
+#MSC 3550: Add HTTP 403 to possible profile lookup responses
 
 #Background
 In the current spec, the only response codes listed for  GET /_matrix/client/v3/profile/{userId}

From 311670a1881a2760a01381f1cb220851b35e1ee1 Mon Sep 17 00:00:00 2001
From: Shay <hillerys@element.io>
Date: Tue, 7 Dec 2021 13:49:06 -0800
Subject: [PATCH 3/8] correctly use markdown

---
 .../3550-allow-403-response-profile-lookup.md      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index fcccd5c3c6f..6fdb66b98bb 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -1,6 +1,6 @@
-#MSC 3550: Add HTTP 403 to possible profile lookup responses
+# MSC 3550: Add HTTP 403 to possible profile lookup responses
 
-#Background
+# Background
 In the current spec, the only response codes listed for  GET /_matrix/client/v3/profile/{userId}
 are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
 respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403.
@@ -14,17 +14,17 @@ allow_profile_lookup_over_federation=false
 Thus, this behavior already exists in Synapse, and may cause issues for
 clients such as [vector-im/element-web#17269](https://github.com/vector-im/element-web/issues/17269).
 
-#Proposal
+# Proposal
 The proposal is to allow HTTP 403 as an option for responding to  GET /_matrix/client/v3/profile/{userId}
 requests. Allowing HTTP 403 gives clients more specific information as to why a request has 
 failed, thus enabling more precise error handling.
 
-#Potential Issues
+# Potential Issues
 The change to the spec may conflict with other existing server implementations.
 
-#Alternatives
+# Alternatives
 The spec could remain as-is and Synapse could alter its current behavior and return an HTTP 
 404 rather than 403 in this case. 
 
-#Security Considerations
-None at this time. 
\ No newline at end of file
+# Security Considerations
+None at this time. 

From a88b20f371291748d30868593c2577f7ef22241f Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Wed, 8 Dec 2021 11:36:35 -0800
Subject: [PATCH 4/8] requested changes

---
 proposals/3550-allow-403-response-profile-lookup.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index fcccd5c3c6f..6dea57549d9 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -1,7 +1,8 @@
-#MSC 3550: Add HTTP 403 to possible profile lookup responses
+#MSC3550: Add HTTP 403 to possible profile lookup responses
 
 #Background
-In the current spec, the only response codes listed for  GET /_matrix/client/v3/profile/{userId}
+In the current spec, the only response codes listed for  [GET /_matrix/client/v3/profile/{userId}]
+(https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
 are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
 respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403.
 

From c796bdaef584c843d82e0d2a2aa617e285d99ce3 Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Wed, 8 Dec 2021 11:45:38 -0800
Subject: [PATCH 5/8] add links

---
 proposals/3550-allow-403-response-profile-lookup.md | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index 0aad1a0fe19..e97f35737ab 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -1,15 +1,9 @@
 #MSC3550: Add HTTP 403 to possible profile lookup responses
 
-#Background
-In the current spec, the only response codes listed for  [GET /_matrix/client/v3/profile/{userId}]
-(https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
-
-# MSC 3550: Add HTTP 403 to possible profile lookup responses
-
 # Background
-In the current spec, the only response codes listed for  GET /_matrix/client/v3/profile/{userId}
+In the current spec, the only response codes listed for [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
 are `200` and `404`. However, some servers may not allow profile lookup over federation, and thus
-respond to GET /_matrix/client/v3/profile/{userId} with an HTTP 403.
+respond to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid) with an HTTP 403.
 
 For example, Synapse can be configured to behave in this way by setting:
 
@@ -21,7 +15,7 @@ Thus, this behavior already exists in Synapse, and may cause issues for
 clients such as [vector-im/element-web#17269](https://github.com/vector-im/element-web/issues/17269).
 
 # Proposal
-The proposal is to allow HTTP 403 as an option for responding to  GET /_matrix/client/v3/profile/{userId}
+The proposal is to allow HTTP 403 as an option for responding to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
 requests. Allowing HTTP 403 gives clients more specific information as to why a request has 
 failed, thus enabling more precise error handling.
 

From 5e78203ed3294983e2905267c58716dbb04bbfc2 Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Mon, 13 Dec 2021 13:52:42 -0800
Subject: [PATCH 6/8] specify error code

---
 proposals/3550-allow-403-response-profile-lookup.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index e97f35737ab..f7207ff281f 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -17,7 +17,8 @@ clients such as [vector-im/element-web#17269](https://github.com/vector-im/eleme
 # Proposal
 The proposal is to allow HTTP 403 as an option for responding to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
 requests. Allowing HTTP 403 gives clients more specific information as to why a request has 
-failed, thus enabling more precise error handling.
+failed, thus enabling more precise error handling. For example, Synapse currently 
+returns the `M_FORBIDDEN` error code along with the HTTP 403 response.  
 
 # Potential Issues
 The change to the spec may conflict with other existing server implementations.

From ef4fa2a0de3a90a6ca1d8a2213176758a795d7b4 Mon Sep 17 00:00:00 2001
From: Shay <hillerys@element.io>
Date: Mon, 13 Dec 2021 19:36:48 -0800
Subject: [PATCH 7/8] Update
 proposals/3550-allow-403-response-profile-lookup.md

Co-authored-by: Travis Ralston <travisr@matrix.org>
---
 proposals/3550-allow-403-response-profile-lookup.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index f7207ff281f..2a5cc9584ef 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -17,8 +17,8 @@ clients such as [vector-im/element-web#17269](https://github.com/vector-im/eleme
 # Proposal
 The proposal is to allow HTTP 403 as an option for responding to [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)
 requests. Allowing HTTP 403 gives clients more specific information as to why a request has 
-failed, thus enabling more precise error handling. For example, Synapse currently 
-returns the `M_FORBIDDEN` error code along with the HTTP 403 response.  
+failed, thus enabling more precise error handling. The 403 would be accompanied by an
+`M_FORBIDDEN` error code. 
 
 # Potential Issues
 The change to the spec may conflict with other existing server implementations.

From 97c2eb8167b6714f2e282d8f3120873ffb0cb3ff Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Tue, 14 Dec 2021 13:40:17 +0000
Subject: [PATCH 8/8] fix formatting typo

---
 proposals/3550-allow-403-response-profile-lookup.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proposals/3550-allow-403-response-profile-lookup.md b/proposals/3550-allow-403-response-profile-lookup.md
index 2a5cc9584ef..609c52ed123 100644
--- a/proposals/3550-allow-403-response-profile-lookup.md
+++ b/proposals/3550-allow-403-response-profile-lookup.md
@@ -1,4 +1,4 @@
-#MSC3550: Add HTTP 403 to possible profile lookup responses
+# MSC3550: Add HTTP 403 to possible profile lookup responses
 
 # Background
 In the current spec, the only response codes listed for [GET /_matrix/client/v3/profile/{userId}](https://spec.matrix.org/v1.1/client-server-api/#get_matrixclientv3profileuserid)