NGINX-Configs/etc/nginx/snippets/cross-origin-security.conf

11 lines
472 B
Plaintext
Raw Normal View History

# CORP, COOP, and COEP headers
# Meant to be used globally, but some apps may need a manual overwrite, so this is split out from security.conf
proxy_hide_header Cross-Origin-Resource-Policy;
2024-06-25 15:17:43 -07:00
add_header Cross-Origin-Resource-Policy "same-origin" always;
proxy_hide_header Cross-Origin-Opener-Policy;
2024-06-25 15:17:43 -07:00
add_header Cross-Origin-Opener-Policy "same-origin" always;
2024-06-25 15:15:59 -07:00
proxy_hide_header Cross-Origin-Embedder-Policy;
2024-06-25 15:17:43 -07:00
add_header Cross-Origin-Embedder-Policy "require-corp" always;