Add CORP headers to media repo

MSC: matrix-org/matrix-spec-proposals#3828
matrix-org · Aug 2, 2022 · bd66aa1 · bd66aa1
1 parent b36d4ef
commit bd66aa1
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/changelogs/client_server/newsfragments/1197.feature b/changelogs/client_server/newsfragments/1197.feature
@@ -0,0 +1 @@
+Add `Cross-Origin-Resource-Policy` (CORP) headers to media repository, as per [MSC3828](https://github.com/matrix-org/matrix-spec-proposals/pull/3828).
diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
@@ -19,6 +19,12 @@ When serving content, the server SHOULD provide a
 `Content-Security-Policy` header. The recommended policy is
 `sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.
 
+{{% added-in v="1.4" %}}
+
+The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
+when serving content to allow (web) clients access to APIs which interact
+with the media repository, such as `SharedArrayBuffer`.
+
 #### Matrix Content (MXC) URIs
 
 Content locations are represented as Matrix Content (MXC) URIs. They
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Add `Cross-Origin-Resource-Policy` (CORP) headers to media repository, as per [MSC3828](https://github.com/matrix-org/matrix-spec-proposals/pull/3828).