client-api: Send CORP headers by default for media responses

According to MSC3828.

crates/ruma-client-api/CHANGELOG.md

@@ -17,6 +17,7 @@ Improvements:
 * Stabilize support for private read receipts
 * Add support for the pagination direction parameter to `/relations` (MSC3715 / Matrix 1.4)
 * Add support for notifications for threads (MSC3773 / Matrix 1.4)
+* Send CORP headers by default for media responses (MSC3828 / Matrix 1.4)
 
 # 0.15.1
 

crates/ruma-client-api/src/http_headers.rs

@@ -0,0 +1,10 @@
+//! Custom HTTP headers not defined in the `http` crate.
+#![allow(clippy::declare_interior_mutable_const)]
+
+use http::header::HeaderName;
+
+/// The [`Cross-Origin-Resource-Policy`] HTTP response header.
+///
+/// [`Cross-Origin-Resource-Policy`]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
+pub const CROSS_ORIGIN_RESOURCE_POLICY: HeaderName =
+    HeaderName::from_static("cross-origin-resource-policy");

crates/ruma-client-api/src/lib.rs

@@ -20,6 +20,7 @@ pub mod directory;
 pub mod discovery;
 pub mod error;
 pub mod filter;
+pub mod http_headers;
 pub mod keys;
 pub mod knock;
 pub mod media;

crates/ruma-client-api/src/media/create_content_async.rs

@@ -5,6 +5,7 @@ pub mod unstable {
     //!
     //! [spec]: https://github.com/tulir/matrix-doc/blob/asynchronous_uploads/proposals/2246-asynchronous-uploads.md
 
+    use http::header::CONTENT_TYPE;
     use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
 
     ruma_api! {

crates/ruma-client-api/src/media/get_content.rs

@@ -10,6 +10,8 @@ pub mod v3 {
     use js_int::UInt;
     use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
 
+    use crate::http_headers::CROSS_ORIGIN_RESOURCE_POLICY;
+
     ruma_api! {
         metadata: {
             description: "Retrieve content from the media store.",
@@ -71,6 +73,14 @@ pub mod v3 {
             /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Syntax
             #[ruma_api(header = CONTENT_DISPOSITION)]
             pub content_disposition: Option<String>,
+
+            /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+            ///
+            /// See [MDN] for the syntax.
+            ///
+            /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+            #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+            pub cross_origin_resource_policy: Option<String>,
         }
 
         error: crate::Error
@@ -98,8 +108,15 @@ pub mod v3 {
 
     impl Response {
         /// Creates a new `Response` with the given file contents.
+        ///
+        /// The Cross-Origin Resource Policy defaults to `cross-origin`.
         pub fn new(file: Vec<u8>) -> Self {
-            Self { file, content_type: None, content_disposition: None }
+            Self {
+                file,
+                content_type: None,
+                content_disposition: None,
+                cross_origin_resource_policy: Some("cross-origin".to_owned()),
+            }
         }
     }
 }

crates/ruma-client-api/src/media/get_content_as_filename.rs

@@ -8,6 +8,8 @@ pub mod v3 {
     use http::header::{CONTENT_DISPOSITION, CONTENT_TYPE};
     use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
 
+    use crate::http_headers::CROSS_ORIGIN_RESOURCE_POLICY;
+
     ruma_api! {
         metadata: {
             description: "Retrieve content from the media store, specifying a filename to return.",
@@ -58,6 +60,14 @@ pub mod v3 {
             /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Syntax
             #[ruma_api(header = CONTENT_DISPOSITION)]
             pub content_disposition: Option<String>,
+
+            /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+            ///
+            /// See [MDN] for the syntax.
+            ///
+            /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+            #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+            pub cross_origin_resource_policy: Option<String>,
         }
 
         error: crate::Error
@@ -79,8 +89,15 @@ pub mod v3 {
 
     impl Response {
         /// Creates a new `Response` with the given file.
+        ///
+        /// The Cross-Origin Resource Policy defaults to `cross-origin`.
         pub fn new(file: Vec<u8>) -> Self {
-            Self { file, content_type: None, content_disposition: None }
+            Self {
+                file,
+                content_type: None,
+                content_disposition: None,
+                cross_origin_resource_policy: Some("cross-origin".to_owned()),
+            }
         }
     }
 }

crates/ruma-client-api/src/media/get_content_thumbnail.rs

@@ -9,7 +9,7 @@ pub mod v3 {
     use js_int::UInt;
     use ruma_common::{api::ruma_api, serde::StringEnum, IdParseError, MxcUri, ServerName};
 
-    use crate::PrivOwnedStr;
+    use crate::{http_headers::CROSS_ORIGIN_RESOURCE_POLICY, PrivOwnedStr};
 
     ruma_api! {
         metadata: {
@@ -79,6 +79,14 @@ pub mod v3 {
             /// The content type of the thumbnail.
             #[ruma_api(header = CONTENT_TYPE)]
             pub content_type: Option<String>,
+
+            /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+            ///
+            /// See [MDN] for the syntax.
+            ///
+            /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+            #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+            pub cross_origin_resource_policy: Option<String>,
         }
 
         error: crate::Error
@@ -116,8 +124,14 @@ pub mod v3 {
 
     impl Response {
         /// Creates a new `Response` with the given thumbnail.
+        ///
+        /// The Cross-Origin Resource Policy defaults to `cross-origin`.
         pub fn new(file: Vec<u8>) -> Self {
-            Self { file, content_type: None }
+            Self {
+                file,
+                content_type: None,
+                cross_origin_resource_policy: Some("cross-origin".to_owned()),
+            }
         }
     }
 

crates/ruma-common/tests/api/ui/01-api-sanity-check.rs

@@ -1,3 +1,4 @@
+use http::header::CONTENT_TYPE;
 use ruma_common::{
     api::ruma_api,
     events::{tag::TagEvent, AnyTimelineEvent},

crates/ruma-common/tests/api/ui/03-move-value.rs

@@ -2,6 +2,7 @@
 // consume the request/response.
 
 mod newtype_body {
+    use http::header::CONTENT_TYPE;
     use ruma_common::{api::ruma_api, OwnedUserId};
 
     #[derive(Clone, Debug, serde::Deserialize, serde::Serialize)]
@@ -42,6 +43,7 @@ mod newtype_body {
 }
 
 mod raw_body {
+    use http::header::CONTENT_TYPE;
     use ruma_common::{api::ruma_api, OwnedUserId};
 
     ruma_api! {
@@ -79,6 +81,7 @@ mod raw_body {
 }
 
 mod plain {
+    use http::header::CONTENT_TYPE;
     use ruma_common::{api::ruma_api, OwnedUserId};
 
     #[derive(Clone, Debug, serde::Deserialize, serde::Serialize)]

crates/ruma-common/tests/api/ui/04-attributes.rs

@@ -1,3 +1,4 @@
+use http::header::CONTENT_TYPE;
 use ruma_common::api::ruma_api;
 
 ruma_api! {

crates/ruma-common/tests/api/ui/04-attributes.stderr

@@ -1,5 +1,5 @@
 error: cannot find attribute `not_a_real_attribute_should_fail` in this scope
-  --> $DIR/04-attributes.rs:13:7
+  --> $DIR/04-attributes.rs:14:7
    |
-13 |     #[not_a_real_attribute_should_fail]
+14 |     #[not_a_real_attribute_should_fail]
    |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^