fix: do not use Secure-Join-Group header

Alice already knows which auth token corresponds to which group. There is no need to trust Bob on sending the correct group ID.
2026-04-19 14:36:29 +03:00 · 2024-02-09 03:35:06 +00:00
parent b970ebe67a
commit 6ea675a12f
3 changed files with 42 additions and 37 deletions
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -74,6 +74,11 @@ pub enum HeaderDef {
    Autocrypt,
    AutocryptSetupMessage,
    SecureJoin,
+
+    /// Deprecated header containing Group-ID in `vg-request-with-auth` message.
+    ///
+    /// It is not used by Alice as Alice knows the group corresponding to the AUTH token.
+    /// Bob still sends it for backwards compatibility.
    SecureJoinGroup,
    SecureJoinFingerprint,
    SecureJoinInvitenumber,