17 lines
713 B
Plaintext
17 lines
713 B
Plaintext
# CORP, COOP, and COEP headers
|
|
# Meant to be used globally, but some apps may need a manual overwrite, so this is split out from security.conf
|
|
|
|
proxy_hide_header Cross-Origin-Resource-Policy;
|
|
add_header Cross-Origin-Resource-Policy "same-origin" always;
|
|
|
|
proxy_hide_header Cross-Origin-Opener-Policy;
|
|
add_header Cross-Origin-Opener-Policy "same-origin" always;
|
|
|
|
# Change COEP to "credentialless" when supported by Safari
|
|
# https://developer.mozilla.org/en-US/docs/Web/API/Window/credentialless
|
|
proxy_hide_header Cross-Origin-Embedder-Policy;
|
|
add_header Cross-Origin-Embedder-Policy "require-corp" always;
|
|
|
|
# Access-Control-Max-Age
|
|
proxy_hide_header Access-Control-Max-Age;
|
|
add_header Access-Control-Max-Age "600"; |