Skip to content

Commit

Permalink
fix(headers): set Cross-Origin-Resource-Policy header for UI requests
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrei Aaron <[email protected]>
  • Loading branch information
@andaaron
andaaron committed Jan 16, 2025
1 parent 97fd43e commit 7320ff0
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions pkg/extensions/extension_ui.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ func addUISecurityHeaders(h http.Handler) http.HandlerFunc { //nolint:varnamelen
w.Header().Set("Permissions-Policy", permissionsPolicy)
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")

cspDirectives := []string{
"default-src 'none'",
Expand Down

0 comments on commit 7320ff0

Please sign in to comment.