Set CORs headers on responses from the media repo

8 years ago · b1c27975d0
parent dc155f4c2c
commit b1c27975d0
3 changed files with 22 additions and 7 deletions
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@ -392,17 +392,30 @@ def respond_with_json_bytes(request, code, json_bytes, send_cors=False,
    request.setHeader(b"Content-Length", b"%d" % (len(json_bytes),))

    if send_cors:
-        request.setHeader("Access-Control-Allow-Origin", "*")
-        request.setHeader("Access-Control-Allow-Methods",
-                          "GET, POST, PUT, DELETE, OPTIONS")
-        request.setHeader("Access-Control-Allow-Headers",
-                          "Origin, X-Requested-With, Content-Type, Accept")
+        set_cors_headers(request)

    request.write(json_bytes)
    finish_request(request)
    return NOT_DONE_YET


+def set_cors_headers(request):
+    """Set the CORs headers so that javascript running in a web browsers can
+    use this API
+
+    Args:
+        request (twisted.web.http.Request): The http request to add CORs to.
+    """
+    request.setHeader("Access-Control-Allow-Origin", "*")
+    request.setHeader(
+        "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"
+    )
+    request.setHeader(
+        "Access-Control-Allow-Headers",
+        "Origin, X-Requested-With, Content-Type, Accept"
+    )
+
+
 def finish_request(request):
    """ Finish writing the response to the request.

--- a/synapse/rest/media/v1/download_resource.py
+++ b/synapse/rest/media/v1/download_resource.py
@ -15,7 +15,7 @@

 from ._base import parse_media_id, respond_with_file, respond_404
 from twisted.web.resource import Resource
-from synapse.http.server import request_handler
+from synapse.http.server import request_handler, set_cors_headers

 from twisted.web.server import NOT_DONE_YET
 from twisted.internet import defer
@ -45,6 +45,7 @@ class DownloadResource(Resource):
    @request_handler()
    @defer.inlineCallbacks
    def _async_render_GET(self, request):
+        set_cors_headers(request)
        request.setHeader(
            "Content-Security-Policy",
            "default-src 'none';"
--- a/synapse/rest/media/v1/thumbnail_resource.py
+++ b/synapse/rest/media/v1/thumbnail_resource.py
@ -17,7 +17,7 @@
 from ._base import parse_media_id, respond_404, respond_with_file
 from twisted.web.resource import Resource
 from synapse.http.servlet import parse_string, parse_integer
-from synapse.http.server import request_handler
+from synapse.http.server import request_handler, set_cors_headers

 from twisted.web.server import NOT_DONE_YET
 from twisted.internet import defer
@ -48,6 +48,7 @@ class ThumbnailResource(Resource):
    @request_handler()
    @defer.inlineCallbacks
    def _async_render_GET(self, request):
+        set_cors_headers(request)
        server_name, media_id, _ = parse_media_id(request)
        width = parse_integer(request, "width")
        height = parse_integer(request, "height")