diff options
| author | Patrick Cloke <patrickc@matrix.org> | 2020-07-01 09:10:23 -0400 |
|---|---|---|
| committer | Patrick Cloke <patrickc@matrix.org> | 2020-07-02 09:58:31 -0400 |
| commit | ea26e9a98b0541fc886a1cb826a38352b7599dbe (patch) | |
| tree | 4bd1846684cbbc1b9db97f3f5671f1e0cd54e1b2 /synapse/rest/consent/consent_resource.py | |
| parent | Fix changelog wording (diff) | |
| download | synapse-ea26e9a98b0541fc886a1cb826a38352b7599dbe.tar.xz | |
Ensure that HTML pages served from Synapse include headers to avoid embedding.
Diffstat (limited to 'synapse/rest/consent/consent_resource.py')
| -rw-r--r-- | synapse/rest/consent/consent_resource.py | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/synapse/rest/consent/consent_resource.py b/synapse/rest/consent/consent_resource.py index 1ddf9997ff..4a20282d1b 100644 --- a/synapse/rest/consent/consent_resource.py +++ b/synapse/rest/consent/consent_resource.py @@ -29,7 +29,7 @@ from synapse.api.errors import NotFoundError, StoreError, SynapseError from synapse.config import ConfigError from synapse.http.server import ( DirectServeResource, - finish_request, + respond_with_html, wrap_html_request_handler, ) from synapse.http.servlet import parse_string @@ -197,12 +197,8 @@ class ConsentResource(DirectServeResource): template_html = self._jinja_env.get_template( path.join(TEMPLATE_LANGUAGE, template_name) ) - html_bytes = template_html.render(**template_args).encode("utf8") - - request.setHeader(b"Content-Type", b"text/html; charset=utf-8") - request.setHeader(b"Content-Length", b"%i" % len(html_bytes)) - request.write(html_bytes) - finish_request(request) + html = template_html.render(**template_args) + respond_with_html(request, 200, html) def _check_hash(self, userid, userhmac): """ |