author | Robert Long <robert@robertlong.me> | 2022-06-27 06:44:05 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-27 14:44:05 +0100 |
commit | 9b683ea80f94de4249264cbf375523b987900c89 (patch) | |
tree | b96da6baec0589be6fabda401ad2fdf7219adc81 /synapse/http | |
parent | Refactor the Dockerfile-workers configuration script to use Jinja2 templates ... (diff) | |
download | synapse-9b683ea80f94de4249264cbf375523b987900c89.tar.xz |
Add Cross-Origin-Resource-Policy header to thumbnail and download media endpoints (#12944)
Diffstat (limited to 'synapse/http')
-rw-r--r-- | synapse/http/server.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/synapse/http/server.py b/synapse/http/server.py
index e3dcc3f3dd..cf2d6f904b 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -928,6 +928,17 @@ def set_cors_headers(request: Request) -> None:
 )
 
 
+def set_corp_headers(request: Request) -> None:
+ """Set the CORP headers so that javascript running in a web browsers can
+ embed the resource returned from this request when their client requires
+ the `Cross-Origin-Embedder-Policy: require-corp` header.
+
+ Args:
+ request: The http request to add the CORP header to.
+ """
+ request.setHeader(b"Cross-Origin-Resource-Policy", b"cross-origin")
+
+
 def respond_with_html(request: Request, code: int, html: str) -> None:
 """
 Wraps `respond_with_html_bytes` by first encoding HTML from a str to UTF-8 bytes.
|
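Review bot: The docstring of `set_corp_headers` explains why the header is needed but not what it gives up: `Cross-Origin-Resource-Policy: cross-origin` lets any origin load the response in no-cors mode, so the helper is only appropriate for responses that are meant to be embeddable everywhere. I would add a sentence to the docstring such as `Only call this for resources that are safe to embed from any origin; do not use it on responses that depend on the caller's credentials.` The call sites on the thumbnail and download endpoints named in the commit title are outside this view (the diffstat is limited to synapse/http), so which responses actually receive the header cannot be checked here. Minor wording in the same docstring: "a web browsers" should read "a web browser".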