forked-synapse/synapse/rest/media/v1
Denis Kasak 2476d5373c
Mitigate media repo XSSs on IE11. (#10468)
IE11 doesn't support Content-Security-Policy but it has support for
a non-standard X-Content-Security-Policy header, which only supports the
sandbox directive. This prevents script execution, so it at least offers
some protection against media repo-based attacks.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
2021-07-27 13:45:10 +02:00
..
__init__.py [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00
_base.py Use inline type hints in handlers/ and rest/. (#10382) 2021-07-16 18:22:36 +01:00
config_resource.py remove HomeServer.get_config (#9815) 2021-04-14 19:09:08 +01:00
download_resource.py Mitigate media repo XSSs on IE11. (#10468) 2021-07-27 13:45:10 +02:00
filepath.py Remove various bits of compatibility code for Python <3.6 (#9879) 2021-04-27 13:13:07 +01:00
media_repository.py Use inline type hints in handlers/ and rest/. (#10382) 2021-07-16 18:22:36 +01:00
media_storage.py Use inline type hints in handlers/ and rest/. (#10382) 2021-07-16 18:22:36 +01:00
preview_url_resource.py Add a return type to parse_string. (#10438) 2021-07-21 09:47:56 -04:00
storage_provider.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
thumbnail_resource.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
thumbnailer.py Fix /upload 500'ing when presented a very large image (#10029) 2021-05-21 18:31:59 +02:00
upload_resource.py Use inline type hints in handlers/ and rest/. (#10382) 2021-07-16 18:22:36 +01:00