synapse/changelog.d
Jérémy Farnaud 6cf261930a added "media-src: 'self'" to CSP for resources (#3578)
Synapse doesn’t allow for media resources to be played directly from
Chrome. It is a problem for users on other networks (e.g. IRC)
communicating with Matrix users through a gateway. The gateway sends
them the raw URL for the resource when a Matrix user uploads a video
and the video cannot be played directly in Chrome using that URL.

Chrome argues it is not authorized to play the video because of the
Content Security Policy. Chrome checks for the "media-src" policy which
is missing, and defauts to the "default-src" policy which is "none".

As Synapse already sends "object-src: 'self'" I thought it wouldn’t be
a problem to add "media-src: 'self'" to the CSP to fix this problem.
2018-09-25 11:55:02 +01:00
..
.gitignore Correct attrs package name in requirements (#3492) 2018-07-07 10:46:59 +10:00
3578.bugfix added "media-src: 'self'" to CSP for resources (#3578) 2018-09-25 11:55:02 +01:00
3699.misc Add a way to run tests in PostgreSQL in Docker (#3699) 2018-09-20 18:12:45 +10:00
3868.bugfix towncrier 2018-09-13 22:53:35 +01:00
3873.misc Remove documentation referencing Cygwin (#3873) 2018-09-19 18:14:30 +10:00
3879.bugfix changelog 2018-09-15 22:28:28 +01:00
3883.feature Adding the ability to change MAX_UPLOAD_SIZE for the docker container variables. 2018-09-16 13:33:33 +10:00
3889.bugfix changelog 2018-09-17 13:21:08 +01:00
3892.bugfix changelog 2018-09-17 16:17:25 +01:00
3894.feature Create 3894.feature 2018-09-17 17:48:48 +01:00
3895.bugfix changelog 2018-09-17 17:18:26 +01:00
3897.misc Add changelog 2018-09-17 22:07:19 -05:00
3899.bugfix Use directory server for room joins (#3899) 2018-09-18 18:27:37 +01:00
3903.misc changelog 2018-09-18 15:05:26 +01:00
3904.misc Improve the logging when handling a federation transaction (#3904) 2018-09-19 17:28:18 +01:00
3906.misc Refactor matrixfederationclient to fix logging (#3906) 2018-09-18 18:17:15 +01:00
3907.bugfix changelog 2018-09-18 17:04:20 +01:00
3908.bugfix Fix client IPs being broken on Python 3 (#3908) 2018-09-20 20:14:34 +10:00
3909.misc update changelog for #3909 2018-09-19 09:17:54 +01:00
3910.bugfix Fixup 2018-09-19 11:19:47 +01:00
3912.misc Add a regression test for logging on failed connections (#3912) 2018-09-20 16:28:18 +10:00
3914.bugfix Fix up changelog and remove spurious comment 2018-09-19 14:45:14 +01:00
3916.feature Always LL ourselves if we're in a room to simplify clients (#3916) 2018-09-20 21:21:54 +01:00
3925.misc Newsfile 2018-09-20 13:52:09 +01:00
3927.misc Newsfile 2018-09-20 16:16:52 +01:00
3936.bugfix Only lazy load self-members on initial sync 2018-09-25 00:49:26 +01:00
3947.misc changelog 2018-09-25 10:45:34 +01:00