anonymousland-synapse/synapse
Denis Kasak 2476d5373c
Mitigate media repo XSSs on IE11. (#10468)
IE11 doesn't support Content-Security-Policy but it has support for
a non-standard X-Content-Security-Policy header, which only supports the
sandbox directive. This prevents script execution, so it at least offers
some protection against media repo-based attacks.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
2021-07-27 13:45:10 +02:00
..
_scripts Add script for getting info about recently registered users (#10290) 2021-07-06 13:03:16 +01:00
api Update the MSC3083 support to verify if joins are from an authorized server. (#10254) 2021-07-26 12:17:00 -04:00
app Port the ThirdPartyEventRules module interface to the new generic interface (#10386) 2021-07-20 12:39:46 +02:00
appservice Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
config Update the notification email subject when invited to a space. (#10426) 2021-07-21 17:29:54 +00:00
crypto Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
events Port the ThirdPartyEventRules module interface to the new generic interface (#10386) 2021-07-20 12:39:46 +02:00
federation Update the MSC3083 support to verify if joins are from an authorized server. (#10254) 2021-07-26 12:17:00 -04:00
groups Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
handlers Update the MSC3083 support to verify if joins are from an authorized server. (#10254) 2021-07-26 12:17:00 -04:00
http Fix a handful of type annotations. (#10446) 2021-07-22 12:00:16 +01:00
logging Fix a handful of type annotations. (#10446) 2021-07-22 12:00:16 +01:00
metrics [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00
module_api Fix a handful of type annotations. (#10446) 2021-07-22 12:00:16 +01:00
push Update the notification email subject when invited to a space. (#10426) 2021-07-21 17:29:54 +00:00
replication Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
res/templates Port "Allow users to click account renewal links multiple times without hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) 2021-04-19 19:16:34 +01:00
rest Mitigate media repo XSSs on IE11. (#10468) 2021-07-27 13:45:10 +02:00
server_notices Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
spam_checker_api Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
state Add type hints to state handler. (#10482) 2021-07-26 12:49:53 -04:00
static Add initial support for a "pick your IdP" page (#9017) 2021-01-05 11:25:28 +00:00
storage Add type hints to state handler. (#10482) 2021-07-26 12:49:53 -04:00
streams Add a return type to parse_string. (#10438) 2021-07-21 09:47:56 -04:00
util [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00
__init__.py 1.39.0rc2 2021-07-22 15:43:26 +01:00
event_auth.py Update the MSC3083 support to verify if joins are from an authorized server. (#10254) 2021-07-26 12:17:00 -04:00
notifier.py Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
python_dependencies.py Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
server.py Use inline type hints in various other places (in synapse/) (#10380) 2021-07-15 11:02:43 +01:00
types.py [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00
visibility.py [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00