From 6ec8ee2a5e6da184b88eb482b6f109322e8f4bc0 Mon Sep 17 00:00:00 2001
From: Jason Robinson
Date: Thu, 28 May 2026 12:52:25 +0300
Subject: [PATCH] Mount ProfileFieldRestServlet on all Synapse instances

But only allow PUT/DELETE from the `profile_updates` worker (which defaults to being `main`).
---
 synapse/rest/client/profile.py | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/synapse/rest/client/profile.py b/synapse/rest/client/profile.py
index 7b8bb151f9..3ecba9659f 100644
--- a/synapse/rest/client/profile.py
+++ b/synapse/rest/client/profile.py
@@ -109,6 +109,9 @@ class ProfileFieldRestServlet(RestServlet):
 self.hs = hs
 self.profile_handler = hs.get_profile_handler()
 self.auth = hs.get_auth()
+ self._is_profile_worker = (
+ hs.get_instance_name() in hs.config.worker.writers.profile_updates
+ )
 if hs.config.experimental.msc4133_enabled:
 self.PATTERNS.append(
 re.compile(
@@ -157,6 +160,13 @@ class ProfileFieldRestServlet(RestServlet):
 async def on_PUT(
 self, request: SynapseRequest, user_id: str, field_name: str
 ) -> tuple[int, JsonDict]:
+ if not self._is_profile_worker:
+ raise SynapseError(
+ HTTPStatus.METHOD_NOT_ALLOWED,
+ "Can only handle PUT /profile on instances configured to handle the profile_updates stream writer",
+ Codes.UNRECOGNIZED,
+ )
+
 if not UserID.is_valid(user_id):
 raise SynapseError(
 HTTPStatus.BAD_REQUEST, "Invalid user id", Codes.INVALID_PARAM
@@ -222,6 +232,12 @@ class ProfileFieldRestServlet(RestServlet):
 async def on_DELETE(
 self, request: SynapseRequest, user_id: str, field_name: str
 ) -> tuple[int, JsonDict]:
+ if not self._is_profile_worker:
+ raise SynapseError(
+ HTTPStatus.METHOD_NOT_ALLOWED,
+ "Can only handle DELETE /profile on instances configured to handle the profile_updates stream writer",
+ Codes.UNRECOGNIZED,
+ )
 if not UserID.is_valid(user_id):
 raise SynapseError(
 HTTPStatus.BAD_REQUEST, "Invalid user id", Codes.INVALID_PARAM
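Review bot: The 405 guard added at the top of on_PUT, and the identical one in on_DELETE in the next hunk, returns a message that describes the deployment's worker configuration to the caller. It runs before the user-id check and, presumably, before the requester is authenticated (that call is outside the hunk). Reaching this branch means a write was routed to the wrong instance, which is an operator problem, so I would log the detail server-side and return a neutral text such as `"Profile updates are not handled by this instance"`. The two guards differ only in the method name and could share one private helper, which would also keep the messages from drifting apart. Both method bodies continue outside the hunks.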
@@ -284,17 +300,9 @@ class UnstableProfileFieldRestServlet(ProfileFieldRestServlet):
 def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
- # Updating user profiles requires the ability to write to the
- # `profile_updates` stream.
- if hs.get_instance_name() in hs.config.worker.writers.profile_updates:
- # The specific field endpoint *must* appear before the generic profile
- # endpoint (below).
+ ProfileFieldRestServlet(hs).register(http_server)
- # TODO: Is it possible to still allow any generic_worker to handle the
- # `GET` endpoint?
- ProfileFieldRestServlet(hs).register(http_server)
-
- if hs.config.experimental.msc4133_enabled:
- UnstableProfileFieldRestServlet(hs).register(http_server)
+ if hs.config.experimental.msc4133_enabled:
+ UnstableProfileFieldRestServlet(hs).register(http_server)
 ProfileRestServlet(hs).register(http_server)
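Review bot: The deleted comment was the only record in register_servlets that the field servlet has to be registered before `ProfileRestServlet`, and the new code still depends on that order. I would keep it above the first call: `# The specific field endpoint *must* appear before the generic profile endpoint (below).` Registration is no longer what restricts writes, so a second line such as `# Mounted on every instance; on_PUT/on_DELETE reject requests on non-writers of profile_updates.` would tell the next reader where that check now lives. on_GET is not part of this patch, so it is worth confirming that it needs nothing only the `profile_updates` writer provides now that it is reachable on all workers.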