summary refs log tree commit diff
path: root/synapse/rest/media/v1/download_resource.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add 'sandbox' to CSP for media repo (#4284)David Baker2018-12-111-1/+2
| | | | | | * Add 'sandbox' to the CSP for media repo * Changelog
* added "media-src: 'self'" to CSP for resources (#3578)Jérémy Farnaud2018-09-251-0/+1
| | | | | | | | | | | | | | | Synapse doesn’t allow for media resources to be played directly from Chrome. It is a problem for users on other networks (e.g. IRC) communicating with Matrix users through a gateway. The gateway sends them the raw URL for the resource when a Matrix user uploads a video and the video cannot be played directly in Chrome using that URL. Chrome argues it is not authorized to play the video because of the Content Security Policy. Chrome checks for the "media-src" policy which is missing, and defauts to the "default-src" policy which is "none". As Synapse already sends "object-src: 'self'" I thought it wouldn’t be a problem to add "media-src: 'self'" to the CSP to fix this problem.
* Port rest/ to Python 3 (#3823)Amber Brown2018-09-121-6/+6
|
* run isortAmber Brown2018-07-091-4/+2
|
* Set Server header in SynapseRequestRichard van der Hoff2018-05-101-2/+1
| | | | | | | | | | | | (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really.
* Remove redundant request_handler decoratorRichard van der Hoff2018-05-101-7/+9
| | | | | | This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler.
* Add missing class varErik Johnston2018-01-121-0/+3
|
* Remove unused variablesErik Johnston2018-01-121-3/+0
|
* Use MediaStorage for remote mediaErik Johnston2018-01-091-32/+11
|
* Use MediaStorage for local filesErik Johnston2018-01-091-23/+1
|
* Store URL cache preview downloads seperatelyErik Johnston2017-06-231-1/+6
| | | | This makes it easier to clear old media out at a later date
* Add API to quarantine mediaErik Johnston2017-06-191-1/+1
|
* Fix routing loop when fetching remote mediaRichard van der Hoff2017-03-131-0/+12
| | | | | | | | | | | When we proxy a media request to a remote server, add a query-param, which will tell the remote server to 404 if it doesn't recognise the server_name. This should fix a routing loop where the server keeps forwarding back to itself. Also improves the error handling on remote media fetches, so that we don't always return a rather obscure 502.
* Set CORs headers on responses from the media repoMark Haines2016-11-021-1/+2
|
* Add quotes and be explicity about script-srcErik Johnston2016-09-051-1/+2
|
* Allow PDF to be rendered from media repoErik Johnston2016-09-051-1/+7
|
* Set `Content-Security-Policy` on media repoErik Johnston2016-08-171-0/+1
| | | | | This is to inform browsers that they should sandbox the returned media. This is particularly cruical for javascript/HTML files.
* Report per request metrics for all of the things using request_handlerMark Haines2016-04-281-1/+2
|
* Move MediaRepository to media_repository moduleErik Johnston2016-04-191-1/+1
|
* Split out BaseMediaResource into MediaRepositoryErik Johnston2016-04-191-6/+18
| | | | | | | | | This is so that a single MediaRepository can be shared across all resources, rather than having a "copy" per resource. In particular this allows us to guard against both the thumbnail and download resource triggering a download of remote content at the same time.
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* If user supplies filename in URL when downloading from media repo, use that ↵Erik Johnston2015-07-031-7/+9
| | | | name in Content Disposition
* Add Content-Disposition headers to media repo v1 downloadsErik Johnston2015-06-301-2/+6
|
* Combine the request wrappers in rest/media/v1 and http/server into a single ↵Mark Haines2015-04-211-8/+4
| | | | wrapper decorator
* Move rest APIs back under the rest directoryMark Haines2015-01-221-0/+74
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-03 09:57:13 +0000