From 2f55b2634315b531bdbcc19f40aa3fc3f6a26275 Mon Sep 17 00:00:00 2001 From: Nick Mills-Barrett Date: Wed, 1 Nov 2023 10:15:39 +0000 Subject: [PATCH] Expand alternatives section --- proposals/4071-pagination-token-headers.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/proposals/4071-pagination-token-headers.md b/proposals/4071-pagination-token-headers.md index add4e0f634a..e1c3b6ed754 100644 --- a/proposals/4071-pagination-token-headers.md +++ b/proposals/4071-pagination-token-headers.md @@ -10,6 +10,10 @@ This MSC proposes an opt-in workaround that enables clients to specify the pagin header rather than query string thus avoiding a new CORS request each time the token changes. This is absolutely a hack, and if accepted must only be used to work around this specific problem. +Note that there are a bunch of less hacky [alternatives](#alternatives) but none of them are simple +and quick to implement such as this. This is very much a patch to alleviate the immediate issue while +better solutions can be worked out. + ## Proposal Super simple - clients may pass pagination tokens as a header instead of query parameters using the @@ -37,6 +41,12 @@ for discussion here. A POST request with a body containing the parameters would also suffice as a solution. Like this proposal this would also be a hacky workaround. +[matrix-spec#223](https://github.com/matrix-org/matrix-spec/issues/223) discusses some other alternative +workarouds for the issue. + +[MSC2108](https://github.com/matrix-org/matrix-spec-proposals/pull/2108) proposes using SSE as an +alternative. This would indeed work, but it's a significant change to implement and deploy everywhere. + ## Security considerations In the context of Matrix clients CORS provides no security and homeservers are expected to accept