authorRobert Long <robert@robertlong.me>2022-06-27 06:44:05 -0700
committerGitHub <noreply@github.com>2022-06-27 14:44:05 +0100
commit9b683ea80f94de4249264cbf375523b987900c89 (patch)
treeb96da6baec0589be6fabda401ad2fdf7219adc81 /synapse/http/server.py
parentRefactor the Dockerfile-workers configuration script to use Jinja2 templates ... (diff)
Add Cross-Origin-Resource-Policy header to thumbnail and download media endpoints (#12944)
Diffstat (limited to 'synapse/http/server.py')
-rw-r--r--synapse/http/server.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/synapse/http/server.py b/synapse/http/server.py
index e3dcc3f3dd..cf2d6f904b 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -928,6 +928,17 @@ def set_cors_headers(request: Request) -> None:
     )
 
 
+def set_corp_headers(request: Request) -> None:
+    """Set the CORP headers so that javascript running in a web browsers can
+    embed the resource returned from this request when their client requires
+    the `Cross-Origin-Embedder-Policy: require-corp` header.
+
+    Args:
+        request: The http request to add the CORP header to.
+    """
+    request.setHeader(b"Cross-Origin-Resource-Policy", b"cross-origin")
+
+
 def respond_with_html(request: Request, code: int, html: str) -> None:
     """
     Wraps `respond_with_html_bytes` by first encoding HTML from a str to UTF-8 bytes.
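Review bot: The docstring of `set_corp_headers` should state that `cross-origin` is the most permissive Cross-Origin-Resource-Policy value and that the helper is only meant for responses any site may embed, because a later caller could otherwise apply it to a response that ought to stay same-origin or same-site. I would add a sentence such as `Only use this on responses that are safe for any origin to embed (e.g. media); it opts the response out of the browser's CORP blocking.` The callers are not part of this file's diff, so whether use is limited to the thumbnail and download endpoints named in the commit title cannot be checked here. Minor wording: "a web browsers" should read "a web browser", and since the function sets a single header, "the CORP header" is more accurate than "the CORP headers".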