Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-16 17:42:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add Cross-Origin-Resource-Policy header to thumbnail and download media endpoints (#12944)

Browse source
This commit is contained in:
Robert Long 2022-06-27 06:44:05 -07:00 committed by GitHub
parent 3c5549e74a
commit 9b683ea80f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 44 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
synapse/rest/media/v1/thumbnail_resource.py
View file

@ -18,7 +18,11 @@ import logging
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple
from synapse.api.errors import SynapseError
from synapse.http.server import DirectServeJsonResource, set_cors_headers
from synapse.http.server import (
DirectServeJsonResource,
set_corp_headers,
set_cors_headers,
)
from synapse.http.servlet import parse_integer, parse_string
from synapse.http.site import SynapseRequest
from synapse.rest.media.v1.media_storage import MediaStorage
@ -58,6 +62,7 @@ class ThumbnailResource(DirectServeJsonResource):
async def _async_render_GET(self, request: SynapseRequest) -> None:
set_cors_headers(request)
set_corp_headers(request)
server_name, media_id, _ = parse_media_id(request)
width = parse_integer(request, "width", required=True)
height = parse_integer(request, "height", required=True)