Add CORP headers to media repo

MSC: https://github.com/matrix-org/matrix-spec-proposals/pull/3828
2026-03-26 13:04:10 +01:00 · 2022-08-02 17:30:14 -06:00 · 2022-08-02 17:30:14 -06:00 · bd66aa1c38
parent b36d4eff7d
commit bd66aa1c38
2 changed files with 7 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/1197.feature
+++ b/changelogs/client_server/newsfragments/1197.feature
@ -0,0 +1 @@
+Add `Cross-Origin-Resource-Policy` (CORP) headers to media repository, as per [MSC3828](https://github.com/matrix-org/matrix-spec-proposals/pull/3828).
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@ -19,6 +19,12 @@ When serving content, the server SHOULD provide a
 `Content-Security-Policy` header. The recommended policy is
 `sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.

+{{% added-in v="1.4" %}}
+
+The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
+when serving content to allow (web) clients access to APIs which interact
+with the media repository, such as `SharedArrayBuffer`.
+
 #### Matrix Content (MXC) URIs

 Content locations are represented as Matrix Content (MXC) URIs. They
				`@ -0,0 +1 @@`
				Add `Cross-Origin-Resource-Policy` (CORP) headers to media repository, as per [MSC3828](https://github.com/matrix-org/matrix-spec-proposals/pull/3828).