Merge remote-tracking branch 'origin/develop' into matrix-org-hotfixes

author: Olivier Wilkinson (reivilibre) <olivier@librepush.net> 2021-08-03 10:34:44 +0100
committer: Olivier Wilkinson (reivilibre) <olivier@librepush.net> 2021-08-03 10:34:44 +0100
commit: 11dda97e86579d807528392df7ba3c3efdd03c01 (patch)
tree: 003e6d55563e78ccca0e9f4a2b1c798231038370 /synapse/rest/media/v1/download_resource.py
parent: Merge branch 'release-v1.39' of github.com:matrix-org/synapse into matrix-org... (diff)
parent: Fix the `tests-done` github actions step, again (#10512) (diff)
download: synapse-11dda97e86579d807528392df7ba3c3efdd03c01.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/synapse/rest/media/v1/download_resource.py b/synapse/rest/media/v1/download_resource.py
index cd2468f9c5..d6d938953e 100644
--- a/synapse/rest/media/v1/download_resource.py
+++ b/synapse/rest/media/v1/download_resource.py
@@ -49,6 +49,8 @@ class DownloadResource(DirectServeJsonResource):
             b" media-src 'self';"
             b" object-src 'self';",
         )
+        # Limited non-standard form of CSP for IE11
+        request.setHeader(b"X-Content-Security-Policy", b"sandbox;")
         request.setHeader(
             b"Referrer-Policy",
             b"no-referrer",
author	Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2021-08-03 10:34:44 +0100
committer	Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2021-08-03 10:34:44 +0100
commit	11dda97e86579d807528392df7ba3c3efdd03c01 (patch)
tree	003e6d55563e78ccca0e9f4a2b1c798231038370 /synapse/rest/media/v1/download_resource.py
parent	Merge branch 'release-v1.39' of github.com:matrix-org/synapse into matrix-org... (diff)
parent	Fix the `tests-done` github actions step, again (#10512) (diff)
download	synapse-11dda97e86579d807528392df7ba3c3efdd03c01.tar.xz