matrix-org · reivilibre · Nov 9, 2021 · Oct 22, 2021 · Oct 22, 2021 · Oct 22, 2021
diff --git a/changelog.d/11156.misc b/changelog.d/11156.misc
@@ -0,0 +1,5 @@
+Limit which clients are allowed to send read receipts without a body (matrix-org #11156)
+
+synapse\rest\client\receipts.py
+
+Added in a regex check.
@@ -13,10 +13,12 @@
 # limitations under the License.
 
 import logging
+import re
 from typing import TYPE_CHECKING, Tuple
 
 from synapse.api.constants import ReadReceiptEventFields
 from synapse.api.errors import Codes, SynapseError
+from synapse.http import get_request_user_agent
 from synapse.http.server import HttpServer
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.http.site import SynapseRequest
@@ -52,7 +54,12 @@ async def on_POST(
         if receipt_type != "m.read":
             raise SynapseError(400, "Receipt type must be 'm.read'")
 
-        body = parse_json_object_from_request(request, allow_empty_body=True)
+        allow_empty_body = False
+        user_agent = get_request_user_agent(request)
+        if re.search(".*Riot.*", user_agent) or re.search("Element/1.[012].*", user_agent) or re.search("SchildiChat/1.[012].*", user_agent):
+            allow_empty_body = True
+
+        body = parse_json_object_from_request(request, allow_empty_body)
         hidden = body.get(ReadReceiptEventFields.MSC2285_HIDDEN, False)
 
         if not isinstance(hidden, bool):