forked-synapse/synapse
Jérémy Farnaud 6cf261930a added "media-src: 'self'" to CSP for resources (#3578)
Synapse doesn’t allow for media resources to be played directly from
Chrome. It is a problem for users on other networks (e.g. IRC)
communicating with Matrix users through a gateway. The gateway sends
them the raw URL for the resource when a Matrix user uploads a video
and the video cannot be played directly in Chrome using that URL.

Chrome argues it is not authorized to play the video because of the
Content Security Policy. Chrome checks for the "media-src" policy which
is missing, and defaults to the "default-src" policy which is "none".

As Synapse already sends "object-src: 'self'" I thought it wouldn’t be
a problem to add "media-src: 'self'" to the CSP to fix this problem.
2018-09-25 11:55:02 +01:00
api Implement 'event_format' filter param in /sync 2018-09-04 15:20:09 +01:00
app typo 2018-09-17 17:37:56 +01:00
appservice Port http/ to Python 3 (#3771) 2018-09-06 00:10:47 +10:00
config Remove some superfluous logging (#3855) 2018-09-13 19:59:32 +10:00
crypto Merge pull request #3826 from matrix-org/rav/logging_for_keyring 2018-09-12 20:43:47 +10:00
events Fix handling of redacted events from federation 2018-09-13 15:44:12 +01:00
federation Fix handling of redacted events from federation 2018-09-13 15:44:12 +01:00
groups Fix some looping_call calls which were broken in #3604 2018-07-26 11:48:08 +01:00
handlers Only lazy load self-members on initial sync 2018-09-25 00:49:26 +01:00
http Merge pull request #3925 from matrix-org/erikj/fix_producers_unregistered 2018-09-25 11:52:06 +01:00
metrics Add missing logger 2018-09-20 17:05:34 +01:00
module_api
push fix link for case that config.email_riot_base_url is set 2018-09-13 22:43:50 +01:00
replication Fix minor typo in exception 2018-09-13 11:51:12 -06:00
rest added "media-src: 'self'" to CSP for resources (#3578) 2018-09-25 11:55:02 +01:00
server_notices Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_contact 2018-08-24 17:00:37 +01:00
state Remove unnecessary resolve_events_with_state_map 2018-08-22 15:41:15 +01:00
static/client Use recaptcha_ajax.js directly from Google 2018-08-22 14:30:49 +01:00
storage Fix client IPs being broken on Python 3 (#3908) 2018-09-20 20:14:34 +10:00
streams Fix develop because I broke it :( (#3535) 2018-07-14 09:51:00 +10:00
util Improve the logging when handling a federation transaction (#3904) 2018-09-19 17:28:18 +01:00
__init__.py bump version 2018-09-25 02:54:34 +10:00
event_auth.py Check m.room.create for sane room_versions 2018-08-06 16:11:24 +01:00
notifier.py Fixup 2018-09-19 11:19:47 +01:00
python_dependencies.py We require attrs 16.0.0 2018-09-25 10:43:39 +01:00
secrets.py Port over enough to get some sytests running on Python 3 (#3668) 2018-08-20 23:54:49 +10:00
server.py use abc.abstractproperty 2018-08-28 17:10:43 +01:00
server.pyi Send users a server notice about consent 2018-05-22 11:54:51 +01:00
types.py Python 3: Convert some unicode/bytes uses (#3569) 2018-08-02 00:54:06 +10:00
visibility.py Merge remote-tracking branch 'origin/develop' into rav/remove_who_forgot_in_room 2018-07-23 17:15:12 +01:00