Set Referrer-Policy to no-referrer for media (#7009)

author: Dionysis Grigoropoulos <dgrig@erethon.com> 2020-03-23 11:48:28 +0200
committer: GitHub <noreply@github.com> 2020-03-23 09:48:28 +0000
commit: 96071eea8f5e18282c07da3a61e4b3431f694cc5 (patch)
tree: de65f5ae04b5be45a0381b123971b41cd142379b /synapse/rest
parent: Clean-up some auth/login REST code (#7115) (diff)
download: synapse-96071eea8f5e18282c07da3a61e4b3431f694cc5.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/synapse/rest/media/v1/download_resource.py b/synapse/rest/media/v1/download_resource.py
index 66a01559e1..24d3ae5bbc 100644
--- a/synapse/rest/media/v1/download_resource.py
+++ b/synapse/rest/media/v1/download_resource.py
@@ -50,6 +50,9 @@ class DownloadResource(DirectServeResource):
             b" media-src 'self';"
             b" object-src 'self';",
         )
+        request.setHeader(
+            b"Referrer-Policy", b"no-referrer",
+        )
         server_name, media_id, name = parse_media_id(request)
         if server_name == self.server_name:
             await self.media_repo.get_local_media(request, media_id, name)
author	Dionysis Grigoropoulos <dgrig@erethon.com>	2020-03-23 11:48:28 +0200
committer	GitHub <noreply@github.com>	2020-03-23 09:48:28 +0000
commit	96071eea8f5e18282c07da3a61e4b3431f694cc5 (patch)
tree	de65f5ae04b5be45a0381b123971b41cd142379b /synapse/rest
parent	Clean-up some auth/login REST code (#7115) (diff)
download	synapse-96071eea8f5e18282c07da3a61e4b3431f694cc5.tar.xz