|
@@ -131,15 +131,15 @@ server:
|
131
|
131
|
|
132
|
132
|
# casemapping controls what kinds of strings are permitted as identifiers (nicknames,
|
133
|
133
|
# channel names, account names, etc.), and how they are normalized for case.
|
134
|
|
- # with the recommended default of 'precis', UTF8 identifiers that are "sane"
|
135
|
|
- # (according to RFC 8265) are allowed, and the server additionally tries to protect
|
136
|
|
- # against confusable characters ("homoglyph attacks").
|
137
|
|
- # the other options are 'ascii' (traditional ASCII-only identifiers), and 'permissive',
|
138
|
|
- # which allows identifiers to contain unusual characters like emoji, but makes users
|
139
|
|
- # vulnerable to homoglyph attacks. unless you're really confident in your decision,
|
140
|
|
- # we recommend leaving this value at its default (changing it once the network is
|
141
|
|
- # already up and running is problematic).
|
142
|
|
- casemapping: "precis"
|
|
134
|
+ # the recommended default is 'ascii' (traditional ASCII-only identifiers).
|
|
135
|
+ # the other options are 'precis', which allows UTF8 identifiers that are "sane"
|
|
136
|
+ # (according to UFC 8265), with additional mitigations for homoglyph attacks,
|
|
137
|
+ # and 'permissive', which allows identifiers containing unusual characters like
|
|
138
|
+ # emoji, at the cost of increased vulnerability to homoglyph attacks and potential
|
|
139
|
+ # client compatibility problems. we recommend leaving this value at its default;
|
|
140
|
+ # however, note that changing it once the network is already up and running is
|
|
141
|
+ # problematic.
|
|
142
|
+ casemapping: "ascii"
|
143
|
143
|
|
144
|
144
|
# enforce-utf8 controls whether the server will preemptively discard non-UTF8
|
145
|
145
|
# messages (since they cannot be relayed to websocket clients), or will allow
|