From 0f687a69c5d1ba1df02e32c2e05abe275bbfb9f3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 15 Mar 2026 01:01:45 +0200
Subject: [PATCH] matrix-synapse: simplify redundant SSO main-override regexes

MDAD keeps `/_synapse/client/*` out of the broad worker-routing model.
Those paths are mounted by current Synapse on client-serving workers, but MDAD's
worker route buckets only match `/_matrix/client/*`, so `/_synapse/client/*`
requests already fall through to the main-process default.

That made the `/_synapse/client/*` branches in the dedicated SSO override regex
redundant. Remove those branches and leave the explicit SSO override focused on
the real `/_matrix/client/.../login/sso/redirect` path family, which would
otherwise be caught by the broad `/login` client-reader routing.

This also removes duplicated ownership of `login/sso/redirect` from the generic
main-override regex so the dedicated SSO override is the single place that
models that path.

Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/app/generic_worker.py#L197-L203
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/synapse/client/__init__.py#L39-L90
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/login.py#L636-L643
---
 roles/custom/matrix-synapse/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index f84401d26..ebeb508c1 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -2040,8 +2040,8 @@ matrix_synapse_reverse_proxy_companion_synapse_stream_writer_push_rules_stream_w
 matrix_synapse_reverse_proxy_companion_synapse_stream_writer_device_lists_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_device_lists_stream_worker_client_server_endpoints }}"
 matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{ matrix_synapse_workers_media_repository_endpoints | default([]) }}"
 matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints | default([]) }}"
-matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|login/sso/redirect/|register)
-matrix_synapse_reverse_proxy_companion_client_server_sso_override_locations_regex: ^(/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect|/_synapse/client/(pick_username|(new_user_consent|oidc/callback|pick_idp|sso_register)$))
+matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register)
+matrix_synapse_reverse_proxy_companion_client_server_sso_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect(/|$)
 # Related to MSC4108 (https://github.com/matrix-org/matrix-spec-proposals/pull/4108)
 matrix_synapse_reverse_proxy_companion_client_server_qr_code_login_locations_regex: ^(/_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous|/_synapse/client/rendezvous)$