synapse-product/synapse/rest/media/v1
Jérémy Farnaud 6cf261930a added "media-src: 'self'" to CSP for resources (#3578)
Synapse doesn’t allow for media resources to be played directly from
Chrome. It is a problem for users on other networks (e.g. IRC)
communicating with Matrix users through a gateway. The gateway sends
them the raw URL for the resource when a Matrix user uploads a video
and the video cannot be played directly in Chrome using that URL.

Chrome argues it is not authorized to play the video because of the
Content Security Policy. Chrome checks for the "media-src" policy which
is missing, and defauts to the "default-src" policy which is "none".

As Synapse already sends "object-src: 'self'" I thought it wouldn’t be
a problem to add "media-src: 'self'" to the CSP to fix this problem.
2018-09-25 11:55:02 +01:00
..
__init__.py copyrights 2016-01-07 04:26:29 +00:00
_base.py Port rest/ to Python 3 (#3823) 2018-09-12 20:41:31 +10:00
config_resource.py Add GET media/v1/config (#3184) 2018-08-16 14:23:38 +01:00
download_resource.py added "media-src: 'self'" to CSP for resources (#3578) 2018-09-25 11:55:02 +01:00
filepath.py run isort 2018-07-09 16:09:20 +10:00
identicon_resource.py check isort by travis 2018-07-16 13:57:33 +02:00
media_repository.py Port rest/ to Python 3 (#3823) 2018-09-12 20:41:31 +10:00
media_storage.py Python 3: Convert some unicode/bytes uses (#3569) 2018-08-02 00:54:06 +10:00
preview_url_resource.py Port rest/ to Python 3 (#3823) 2018-09-12 20:41:31 +10:00
storage_provider.py run isort 2018-07-09 16:09:20 +10:00
thumbnail_resource.py run isort 2018-07-09 16:09:20 +10:00
thumbnailer.py run isort 2018-07-09 16:09:20 +10:00
upload_resource.py Port over enough to get some sytests running on Python 3 (#3668) 2018-08-20 23:54:49 +10:00