From bd66aa1c38eaf79ddb1f83821d76270db46fe1c9 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travisr@matrix.org>
Date: Tue, 2 Aug 2022 17:30:14 -0600
Subject: [PATCH 1/5] Add CORP headers to media repo

MSC: https://github.com/matrix-org/matrix-spec-proposals/pull/3828
---
 changelogs/client_server/newsfragments/1197.feature | 1 +
 content/client-server-api/modules/content_repo.md   | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelogs/client_server/newsfragments/1197.feature

diff --git a/changelogs/client_server/newsfragments/1197.feature b/changelogs/client_server/newsfragments/1197.feature
new file mode 100644
index 000000000..d4ea9b428
--- /dev/null
+++ b/changelogs/client_server/newsfragments/1197.feature
@@ -0,0 +1 @@
+Add `Cross-Origin-Resource-Policy` (CORP) headers to media repository, as per [MSC3828](https://github.com/matrix-org/matrix-spec-proposals/pull/3828).
\ No newline at end of file
diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
index 467065a57..86ac98a7e 100644
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@@ -19,6 +19,12 @@ When serving content, the server SHOULD provide a
 `Content-Security-Policy` header. The recommended policy is
 `sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.
 
+{{% added-in v="1.4" %}}
+
+The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
+when serving content to allow (web) clients access to APIs which interact
+with the media repository, such as `SharedArrayBuffer`.
+
 #### Matrix Content (MXC) URIs
 
 Content locations are represented as Matrix Content (MXC) URIs. They

From 9fb8ccae73cc8d9542641f79a03a459f0910575b Mon Sep 17 00:00:00 2001
From: Travis Ralston <travisr@matrix.org>
Date: Mon, 8 Aug 2022 19:31:49 -0600
Subject: [PATCH 2/5] Write weird CSS rules to make added-in work inline in the
 CS spec

Even though our content doesn't need 2 paragraphs, it's good to have the capability to render it in the future.
---
 assets/scss/custom.scss                       | 23 +++++++++++++++++++
 .../client-server-api/modules/content_repo.md |  8 ++++---
 .../shortcodes/boxes/added-in-paragraph.html  | 22 ++++++++++++++++++
 3 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 layouts/shortcodes/boxes/added-in-paragraph.html

diff --git a/assets/scss/custom.scss b/assets/scss/custom.scss
index 5a89d6483..36566d9a0 100644
--- a/assets/scss/custom.scss
+++ b/assets/scss/custom.scss
@@ -260,6 +260,29 @@ footer {
     border-left-width: 5px;
     background: $warning-background;
   }
+
+  // XXX: See the added-in-paragraph.html shortcode for more information on these styles.
+  &.added-in-paragraph {
+    // Remove the padding and margin to remove the box look
+    margin: 0 !important; // !important on both to override table-related rules
+    padding: 0 !important;
+
+    // Make pairs of "added-in" and content inline to each other. We do pairs so authors can
+    // describe two paragraphs with added-in prefixes within a single box, reducing DOM
+    // complexity. Each paragraph is expected to be prefixed with an added-in, however.
+    //
+    // XXX: We assume the added-in and text will be rendered as paragraph elements.
+    > p {
+      display: inline;
+    }
+    > p:nth-child(2n) { // "even" rule to target just the content paragraphs
+      // Force a paragraph break after the content (insert a couple <br /> tags)
+      &::after {
+        content: '\A\A';
+        white-space: pre;
+      }
+    }
+  }
 }
 
 /* Styles for sections that are rendered from data, such as HTTP APIs and event schemas */
diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
index 86ac98a7e..c5e85e240 100644
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@@ -19,12 +19,14 @@ When serving content, the server SHOULD provide a
 `Content-Security-Policy` header. The recommended policy is
 `sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.
 
-{{% added-in v="1.4" %}}
-
-The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
+{{% boxes/added-in-paragraph %}}
+{{< added-in v="1.4" >}} The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
 when serving content to allow (web) clients access to APIs which interact
 with the media repository, such as `SharedArrayBuffer`.
 
+{{< added-in v="1.4" >}} Second paragraph
+{{% /boxes/added-in-paragraph %}}
+
 #### Matrix Content (MXC) URIs
 
 Content locations are represented as Matrix Content (MXC) URIs. They
diff --git a/layouts/shortcodes/boxes/added-in-paragraph.html b/layouts/shortcodes/boxes/added-in-paragraph.html
new file mode 100644
index 000000000..f0c1e8e61
--- /dev/null
+++ b/layouts/shortcodes/boxes/added-in-paragraph.html
@@ -0,0 +1,22 @@
+{{/*
+
+    "Temporary" shortcode for rendering paragraphs which want/need inline added-in tags. It is
+    assumed that your content is described as follows:
+
+    {{% boxes/added-in-paragraph %}}
+    {{< added-in v="1.4" >}} Your text here
+
+    {{< added-in v="1.4" >}} Your other text here
+    {{% /boxes/added-in-paragraph %}}
+
+    The assumption is that at a later date this added-in-paragraph shortcode can be removed, making
+    the angle bracket-defined added-in shortcodes *just work*.
+
+    It is important that each new "content" paragraph (the bit after added-in) is preceeded with
+    and added-in, otherwise you might find your text being weirdly merged.
+
+    This exists while the added-in shortcode cannot be inline in the client-server spec.
+    See https://github.com/matrix-org/matrix-spec/issues/1204
+
+*/}}
+{{ partial "alert" (dict "type" "added-in-paragraph" "content" .Inner) }}

From f798a726cd3060728a8fc158c8a2dd906c988e69 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travisr@matrix.org>
Date: Mon, 8 Aug 2022 19:32:28 -0600
Subject: [PATCH 3/5] Remove test paragraph

---
 content/client-server-api/modules/content_repo.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
index c5e85e240..70df8ceea 100644
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@@ -23,8 +23,6 @@ When serving content, the server SHOULD provide a
 {{< added-in v="1.4" >}} The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
 when serving content to allow (web) clients access to APIs which interact
 with the media repository, such as `SharedArrayBuffer`.
-
-{{< added-in v="1.4" >}} Second paragraph
 {{% /boxes/added-in-paragraph %}}
 
 #### Matrix Content (MXC) URIs

From 52369680f1bd73b8cf99d37f6fa560a8ac3e47d8 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travisr@matrix.org>
Date: Mon, 8 Aug 2022 19:34:57 -0600
Subject: [PATCH 4/5] Refine prose

---
 content/client-server-api/modules/content_repo.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
index 70df8ceea..0366f9209 100644
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@@ -20,9 +20,10 @@ When serving content, the server SHOULD provide a
 `sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.
 
 {{% boxes/added-in-paragraph %}}
-{{< added-in v="1.4" >}} The server SHOULD additionally provide `Cross-Origin-Resource-Policy: cross-origin`
-when serving content to allow (web) clients access to APIs which interact
-with the media repository, such as `SharedArrayBuffer`.
+{{< added-in v="1.4" >}} The server SHOULD additionally provide
+`Cross-Origin-Resource-Policy: cross-origin` when serving content to allow
+(web) clients to access restricted APIs such as `SharedArrayBuffer` when
+interacting with the media repository.
 {{% /boxes/added-in-paragraph %}}
 
 #### Matrix Content (MXC) URIs

From 8ac83c2b9a3d9bddae62bb6defb6d11db9228e08 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travisr@matrix.org>
Date: Mon, 8 Aug 2022 19:54:58 -0600
Subject: [PATCH 5/5] spelling is key

---
 layouts/shortcodes/boxes/added-in-paragraph.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/layouts/shortcodes/boxes/added-in-paragraph.html b/layouts/shortcodes/boxes/added-in-paragraph.html
index f0c1e8e61..20ca3932b 100644
--- a/layouts/shortcodes/boxes/added-in-paragraph.html
+++ b/layouts/shortcodes/boxes/added-in-paragraph.html
@@ -12,7 +12,7 @@
     The assumption is that at a later date this added-in-paragraph shortcode can be removed, making
     the angle bracket-defined added-in shortcodes *just work*.
 
-    It is important that each new "content" paragraph (the bit after added-in) is preceeded with
+    It is important that each new "content" paragraph (the bit after added-in) is preceded with
     and added-in, otherwise you might find your text being weirdly merged.
 
     This exists while the added-in shortcode cannot be inline in the client-server spec.