Closed sjehuda closed 8 months ago
@Echolon What do you think of this?
Suppose we are visiting speed-dreams.net, and they have their XMPP groupchat.
They choose to use an easy-xmpp-invitation instance, which is not under their control (someone else owns that instance).
Instead of having a default appearance, they choose their background, icon (avatar) and colors.
It was a deliberate decision not to allow any of that. Yes, it would work with a backend XMPP connection, but if it is passed as arguments, it will allow impersonation / tricking of users, and I do not want to make that possible.
The only place where it's really a significant step forward in usability is when inviting people to a private chatroom with a generated JID, where you can't see who invited you, nor where.
I don't want to have a spoofable solution, and there is no way to prevent spoofing without a "smart" server that can look up the relevant data in its backend. And the backend-based solution already exists in https://modules.prosody.im/mod_invites_page
That could be a very nice feature, but, I agree with you on that.
In fact, that would also allow even a simpler abuse by placing unwanted or underrated graphics.
So it is better not to have this, not for background nor avatar, unless the server is able to connect with the groupchat and pull the avatar from there.
Related to #33
We don't necessarily need to use server side for the following feature.
I guess I'd want to have Description, Topic, and also an icon which we can use with
?jid=speed-dreams-dev@chat.jabberfr.org&type=muc&name=Speed Dreams room for developpers&topic=https://www.speed-dreams.net - http://www.speed-dreams.fr Speed Dreams Release 2.2.3 out&icon=https://a.fsdn.com/allura/p/speed-dreams/icon
Anything else requires us to be connected to XMPP, either client side or server side with an XMPP for Javascript.
EDIT:
&jid
and&type
might not be needed.