Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Set Referrer-Policy to no-referrer for media
Browse files Browse the repository at this point in the history
  • Loading branch information
@Erethon
Erethon committed Mar 5, 2020
1 parent 87972f0 commit 352ca69
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions changelog.d/7009.feature
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Set `Referrer-Policy` header to `no-referrer` on media downloads.
3 changes: 3 additions & 0 deletions synapse/rest/media/v1/download_resource.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ async def _async_render_GET(self, request):
b" media-src 'self';"
b" object-src 'self';",
)
request.setHeader(
b"Referrer-Policy", b"no-referrer",
)
server_name, media_id, name = parse_media_id(request)
if server_name == self.server_name:
await self.media_repo.get_local_media(request, media_id, name)
Expand Down

0 comments on commit 352ca69

Please sign in to comment.