mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 10:12:19 -05:00
XEP-0357: Fix Enabling Notifications URL
This commit is contained in:
parent
be00307eb0
commit
bc470705fa
@ -202,7 +202,7 @@
|
|||||||
<section2 topic='Business Rules'>
|
<section2 topic='Business Rules'>
|
||||||
<p>Each PubSub node is a delivery target for the Push Service, which could represent multiple devices for a single user.</p>
|
<p>Each PubSub node is a delivery target for the Push Service, which could represent multiple devices for a single user.</p>
|
||||||
<p>In order to prevent information leaks, each node SHOULD be configured with a 'whitelist' access model so that only trusted entities are able to view or subscribe to published notifications. Furthermore, the 'publish-only' affiliation SHOULD be used to allow acceptable entities (such as the server JID and the user's bare JID) to publish to the node to trigger notifications.</p>
|
<p>In order to prevent information leaks, each node SHOULD be configured with a 'whitelist' access model so that only trusted entities are able to view or subscribe to published notifications. Furthermore, the 'publish-only' affiliation SHOULD be used to allow acceptable entities (such as the server JID and the user's bare JID) to publish to the node to trigger notifications.</p>
|
||||||
<p>Care SHOULD be taken to ensure that publish requests are coming from the user's server and not from other third-party client applications using the full JID of a user. A Push Service MAY opt to only accept or further process publish requests from server JIDs and bare user JIDs to ensure that only a user's server is able to publish, but it SHOULD instead use publish options with credentials shared only with the user's server (see <link url='#publish-options'>Enabling Notifications</link>).</p>
|
<p>Care SHOULD be taken to ensure that publish requests are coming from the user's server and not from other third-party client applications using the full JID of a user. A Push Service MAY opt to only accept or further process publish requests from server JIDs and bare user JIDs to ensure that only a user's server is able to publish, but it SHOULD instead use publish options with credentials shared only with the user's server (see <link url='#enabling'>Enabling Notifications</link>).</p>
|
||||||
</section2>
|
</section2>
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user