Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-05 04:15:03 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add Cross-Origin-Resource-Policy header to thumbnail and download media endpoints (#12944)

Browse source
This commit is contained in:
Robert Long 2022-06-27 06:44:05 -07:00 committed by GitHub
parent 3c5549e74a
commit 9b683ea80f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 44 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
synapse/http/server.py
View file

@ -928,6 +928,17 @@ def set_cors_headers(request: Request) -> None:
)
def set_corp_headers(request: Request) -> None:
"""Set the CORP headers so that javascript running in a web browsers can
embed the resource returned from this request when their client requires
the `Cross-Origin-Embedder-Policy: require-corp` header.
Args:
request: The http request to add the CORP header to.
"""
request.setHeader(b"Cross-Origin-Resource-Policy", b"cross-origin")
def respond_with_html(request: Request, code: int, html: str) -> None:
"""
Wraps `respond_with_html_bytes` by first encoding HTML from a str to UTF-8 bytes.