diff options
author | Robert Long <robert@robertlong.me> | 2022-06-27 06:44:05 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-27 14:44:05 +0100 |
commit | 9b683ea80f94de4249264cbf375523b987900c89 (patch) | |
tree | b96da6baec0589be6fabda401ad2fdf7219adc81 /tests/rest/media/v1 | |
parent | Refactor the Dockerfile-workers configuration script to use Jinja2 templates ... (diff) | |
download | synapse-9b683ea80f94de4249264cbf375523b987900c89.tar.xz |
Add Cross-Origin-Resource-Policy header to thumbnail and download media endpoints (#12944)
Diffstat (limited to 'tests/rest/media/v1')
-rw-r--r-- | tests/rest/media/v1/test_media_storage.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/rest/media/v1/test_media_storage.py b/tests/rest/media/v1/test_media_storage.py index 7204b2dfe0..1c67e1ca91 100644 --- a/tests/rest/media/v1/test_media_storage.py +++ b/tests/rest/media/v1/test_media_storage.py @@ -481,6 +481,12 @@ class MediaRepoTests(unittest.HomeserverTestCase): if expected_found: self.assertEqual(channel.code, 200) + + self.assertEqual( + channel.headers.getRawHeaders(b"Cross-Origin-Resource-Policy"), + [b"cross-origin"], + ) + if expected_body is not None: self.assertEqual( channel.result["body"], expected_body, channel.result["body"] @@ -549,6 +555,20 @@ class MediaRepoTests(unittest.HomeserverTestCase): [b"noindex, nofollow, noarchive, noimageindex"], ) + def test_cross_origin_resource_policy_header(self) -> None: + """ + Test that the Cross-Origin-Resource-Policy header is set to "cross-origin" + allowing web clients to embed media from the downloads API. + """ + channel = self._req(b"inline; filename=out" + self.test_image.extension) + + headers = channel.headers + + self.assertEqual( + headers.getRawHeaders(b"Cross-Origin-Resource-Policy"), + [b"cross-origin"], + ) + class TestSpamChecker: """A spam checker module that rejects all media that includes the bytes |