From e6e7e52034803b75d63b172f385117cde05214b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Commaille?=
Date: Sun, 2 Oct 2022 16:24:57 +0200
Subject: [PATCH] client-api: Send CORP headers by default for media responses

According to MSC3828.
---
 crates/ruma-client-api/CHANGELOG.md | 1 +
 crates/ruma-client-api/src/http_headers.rs | 10 ++++++++++
 crates/ruma-client-api/src/lib.rs | 1 +
 .../src/media/create_content_async.rs | 1 +
 .../ruma-client-api/src/media/get_content.rs | 19 ++++++++++++++++++-
 .../src/media/get_content_as_filename.rs | 19 ++++++++++++++++++-
 .../src/media/get_content_thumbnail.rs | 18 ++++++++++++++++--
 .../tests/api/ui/01-api-sanity-check.rs | 1 +
 .../ruma-common/tests/api/ui/03-move-value.rs | 3 +++
 .../ruma-common/tests/api/ui/04-attributes.rs | 1 +
 .../tests/api/ui/04-attributes.stderr | 4 ++--
 11 files changed, 72 insertions(+), 6 deletions(-)
 create mode 100644 crates/ruma-client-api/src/http_headers.rs
diff --git a/crates/ruma-client-api/CHANGELOG.md b/crates/ruma-client-api/CHANGELOG.md
index f21d0456..5c33c156 100644
--- a/crates/ruma-client-api/CHANGELOG.md
+++ b/crates/ruma-client-api/CHANGELOG.md
@@ -17,6 +17,7 @@ Improvements:
 * Stabilize support for private read receipts
 * Add support for the pagination direction parameter to `/relations` (MSC3715 / Matrix 1.4)
 * Add support for notifications for threads (MSC3773 / Matrix 1.4)
+* Send CORP headers by default for media responses (MSC3828 / Matrix 1.4)
 # 0.15.1
diff --git a/crates/ruma-client-api/src/http_headers.rs b/crates/ruma-client-api/src/http_headers.rs
new file mode 100644
index 00000000..58e57d09
--- /dev/null
+++ b/crates/ruma-client-api/src/http_headers.rs
@@ -0,0 +1,10 @@
+//! Custom HTTP headers not defined in the `http` crate.
+#![allow(clippy::declare_interior_mutable_const)]
+
+use http::header::HeaderName;
+
+/// The [`Cross-Origin-Resource-Policy`] HTTP response header.
+///
+/// [`Cross-Origin-Resource-Policy`]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
+pub const CROSS_ORIGIN_RESOURCE_POLICY: HeaderName =
+ HeaderName::from_static("cross-origin-resource-policy");
diff --git a/crates/ruma-client-api/src/lib.rs b/crates/ruma-client-api/src/lib.rs
index 72678dac..5d7489db 100644
--- a/crates/ruma-client-api/src/lib.rs
+++ b/crates/ruma-client-api/src/lib.rs
@@ -20,6 +20,7 @@ pub mod directory;
 pub mod discovery;
 pub mod error;
 pub mod filter;
+pub mod http_headers;
 pub mod keys;
 pub mod knock;
 pub mod media;
diff --git a/crates/ruma-client-api/src/media/create_content_async.rs b/crates/ruma-client-api/src/media/create_content_async.rs
index 63d76325..eb23097e 100644
--- a/crates/ruma-client-api/src/media/create_content_async.rs
+++ b/crates/ruma-client-api/src/media/create_content_async.rs
@@ -5,6 +5,7 @@ pub mod unstable {
 //!
 //! [spec]: https://github.com/tulir/matrix-doc/blob/asynchronous_uploads/proposals/2246-asynchronous-uploads.md
+ use http::header::CONTENT_TYPE;
 use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
 ruma_api! {
diff --git a/crates/ruma-client-api/src/media/get_content.rs b/crates/ruma-client-api/src/media/get_content.rs
index f1dab5f5..83e9da13 100644
--- a/crates/ruma-client-api/src/media/get_content.rs
+++ b/crates/ruma-client-api/src/media/get_content.rs
@@ -10,6 +10,8 @@ pub mod v3 {
 use js_int::UInt;
 use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
+ use crate::http_headers::CROSS_ORIGIN_RESOURCE_POLICY;
+
 ruma_api! {
 metadata: {
 description: "Retrieve content from the media store.",
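Review bot: In `http_headers.rs` the inner attribute `#![allow(clippy::declare_interior_mutable_const)]` silences the lint for the whole module without saying why, so any constant added to this file later is exempt as well. Scope it to the one item by placing `#[allow(clippy::declare_interior_mutable_const)]` directly above `CROSS_ORIGIN_RESOURCE_POLICY`, with a short why-comment such as `// HeaderName trips this lint; a const mirrors how the http crate exposes its own header names.` The reason stated in that comment is inferred from the lint name and should be confirmed by the author.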
@@ -71,6 +73,14 @@ pub mod v3 {
 /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Syntax
 #[ruma_api(header = CONTENT_DISPOSITION)]
 pub content_disposition: Option,
+
+ /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+ ///
+ /// See [MDN] for the syntax.
+ ///
+ /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+ #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+ pub cross_origin_resource_policy: Option,
 }
 error: crate::Error
@@ -98,8 +108,15 @@ pub mod v3 {
 impl Response {
 /// Creates a new `Response` with the given file contents.
+ ///
+ /// The Cross-Origin Resource Policy defaults to `cross-origin`.
 pub fn new(file: Vec) -> Self {
- Self { file, content_type: None, content_disposition: None }
+ Self {
+ file,
+ content_type: None,
+ content_disposition: None,
+ cross_origin_resource_policy: Some("cross-origin".to_owned()),
+ }
 }
 }
 }
diff --git a/crates/ruma-client-api/src/media/get_content_as_filename.rs b/crates/ruma-client-api/src/media/get_content_as_filename.rs
index 93011caa..c45ab8b8 100644
--- a/crates/ruma-client-api/src/media/get_content_as_filename.rs
+++ b/crates/ruma-client-api/src/media/get_content_as_filename.rs
@@ -8,6 +8,8 @@ pub mod v3 {
 use http::header::{CONTENT_DISPOSITION, CONTENT_TYPE};
 use ruma_common::{api::ruma_api, IdParseError, MxcUri, ServerName};
+ use crate::http_headers::CROSS_ORIGIN_RESOURCE_POLICY;
+
 ruma_api! {
 metadata: {
 description: "Retrieve content from the media store, specifying a filename to return.",
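Review bot: The doc comment on `cross_origin_resource_policy` in `get_content.rs` (hunk `@@ -71,6 +73,14 @@`) only links to the header syntax and does not say what `None` or an unrecognised value means for a server that fills in this field; the same comment is repeated in `get_content_as_filename.rs` and `get_content_thumbnail.rs`. The value is a free-form string (the constructor stores `"cross-origin".to_owned()`) and nothing visible here checks it, so a misspelled `same-origin` or `same-site` would be sent as written, and as far as I know browsers treat an unrecognised value as no policy rather than as a restriction. I would add two doc lines, `/// If this is None, the header is presumably omitted from the response.` (to be confirmed against the macro) and `/// The value is sent verbatim and is not validated.`, or consider a small enum for the three defined values if the macro accepts a typed header field.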
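Review bot: `Response::new` in `get_content.rs` (hunk `@@ -98,8 +108,15 @@`) hard-codes the string `"cross-origin"`, and the same literal is repeated in the constructors of `get_content_as_filename.rs` and `get_content_thumbnail.rs`, so the three defaults can drift apart. A shared constant next to `CROSS_ORIGIN_RESOURCE_POLICY` in `http_headers.rs` (a proposed name is `DEFAULT_CROSS_ORIGIN_RESOURCE_POLICY`) would keep them in step: `cross_origin_resource_policy: Some(DEFAULT_CROSS_ORIGIN_RESOURCE_POLICY.to_owned()),`. The added doc line should also say that `cross-origin` is the least restrictive value and is chosen deliberately (MSC3828, per the commit message), so a server that wants `same-site` or `same-origin` for its media has to overwrite the field after calling `new`.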
@@ -58,6 +60,14 @@ pub mod v3 {
 /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Syntax
 #[ruma_api(header = CONTENT_DISPOSITION)]
 pub content_disposition: Option,
+
+ /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+ ///
+ /// See [MDN] for the syntax.
+ ///
+ /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+ #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+ pub cross_origin_resource_policy: Option,
 }
 error: crate::Error
@@ -79,8 +89,15 @@ pub mod v3 {
 impl Response {
 /// Creates a new `Response` with the given file.
+ ///
+ /// The Cross-Origin Resource Policy defaults to `cross-origin`.
 pub fn new(file: Vec) -> Self {
- Self { file, content_type: None, content_disposition: None }
+ Self {
+ file,
+ content_type: None,
+ content_disposition: None,
+ cross_origin_resource_policy: Some("cross-origin".to_owned()),
+ }
 }
 }
 }
diff --git a/crates/ruma-client-api/src/media/get_content_thumbnail.rs b/crates/ruma-client-api/src/media/get_content_thumbnail.rs
index b39545ec..59f94ed1 100644
--- a/crates/ruma-client-api/src/media/get_content_thumbnail.rs
+++ b/crates/ruma-client-api/src/media/get_content_thumbnail.rs
@@ -9,7 +9,7 @@ pub mod v3 {
 use js_int::UInt;
 use ruma_common::{api::ruma_api, serde::StringEnum, IdParseError, MxcUri, ServerName};
- use crate::PrivOwnedStr;
+ use crate::{http_headers::CROSS_ORIGIN_RESOURCE_POLICY, PrivOwnedStr};
 ruma_api! {
 metadata: {
@@ -79,6 +79,14 @@ pub mod v3 {
 /// The content type of the thumbnail.
 #[ruma_api(header = CONTENT_TYPE)]
 pub content_type: Option,
+
+ /// The value of the `Cross-Origin-Resource-Policy` HTTP header.
+ ///
+ /// See [MDN] for the syntax.
+ ///
+ /// [MDN]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy#syntax
+ #[ruma_api(header = CROSS_ORIGIN_RESOURCE_POLICY)]
+ pub cross_origin_resource_policy: Option,
 }
 error: crate::Error
@@ -116,8 +124,14 @@ pub mod v3 {
 impl Response {
 /// Creates a new `Response` with the given thumbnail.
+ ///
+ /// The Cross-Origin Resource Policy defaults to `cross-origin`.
 pub fn new(file: Vec) -> Self {
- Self { file, content_type: None }
+ Self {
+ file,
+ content_type: None,
+ cross_origin_resource_policy: Some("cross-origin".to_owned()),
+ }
 }
 }
diff --git a/crates/ruma-common/tests/api/ui/01-api-sanity-check.rs b/crates/ruma-common/tests/api/ui/01-api-sanity-check.rs
index b5bf730c..f338d59b 100644
--- a/crates/ruma-common/tests/api/ui/01-api-sanity-check.rs
+++ b/crates/ruma-common/tests/api/ui/01-api-sanity-check.rs
@@ -1,3 +1,4 @@
+use http::header::CONTENT_TYPE;
 use ruma_common::{
 api::ruma_api,
 events::{tag::TagEvent, AnyTimelineEvent},
diff --git a/crates/ruma-common/tests/api/ui/03-move-value.rs b/crates/ruma-common/tests/api/ui/03-move-value.rs
index ca7bf40c..5be84d39 100644
--- a/crates/ruma-common/tests/api/ui/03-move-value.rs
+++ b/crates/ruma-common/tests/api/ui/03-move-value.rs
@@ -2,6 +2,7 @@
 // consume the request/response.
 mod newtype_body {
+ use http::header::CONTENT_TYPE;
 use ruma_common::{api::ruma_api, OwnedUserId};
 #[derive(Clone, Debug, serde::Deserialize, serde::Serialize)]
@@ -42,6 +43,7 @@ mod newtype_body {
 }
 mod raw_body {
+ use http::header::CONTENT_TYPE;
 use ruma_common::{api::ruma_api, OwnedUserId};
 ruma_api! {
@@ -79,6 +81,7 @@ mod raw_body {
 }
 mod plain {
+ use http::header::CONTENT_TYPE;
 use ruma_common::{api::ruma_api, OwnedUserId};
 #[derive(Clone, Debug, serde::Deserialize, serde::Serialize)]
diff --git a/crates/ruma-common/tests/api/ui/04-attributes.rs b/crates/ruma-common/tests/api/ui/04-attributes.rs
index f23a1025..3aa07c7b 100644
--- a/crates/ruma-common/tests/api/ui/04-attributes.rs
+++ b/crates/ruma-common/tests/api/ui/04-attributes.rs
@@ -1,3 +1,4 @@
+use http::header::CONTENT_TYPE;
 use ruma_common::api::ruma_api;
 ruma_api! {
diff --git a/crates/ruma-common/tests/api/ui/04-attributes.stderr b/crates/ruma-common/tests/api/ui/04-attributes.stderr index e2bb1a28..8518b81f 100644 --- a/crates/ruma-common/tests/api/ui/04-attributes.stderr +++ b/crates/ruma-common/tests/api/ui/04-attributes.stderr @@ -1,5 +1,5 @@ error: cannot find attribute `not_a_real_attribute_should_fail` in this scope - --> $DIR/04-attributes.rs:13:7 + --> $DIR/04-attributes.rs:14:7 | -13 | #[not_a_real_attribute_should_fail] +14 | #[not_a_real_attribute_should_fail] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^