Cross-Origin-Resource-Policy
There's a relatively new HTTP header called Cross-Origin-Resource-Policy which Helmet could utilize.
MDN docs:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
Now I'm not sure how it affects or if it takes precedence (when applicable) over X-Frame-Options, CSP's frame-ancestors and X-Permitted-Cross-Domain-Policies.
Browser support bugs can be found here: https://github.com/Fyrd/caniuse/issues/4355
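An added example, not Helmet's own code: a minimal Express-style middleware that emits the header with one of the three directive values the MDN pages define, and rejects anything else at configuration time. The `policy` option name, the `same-origin` default and the fake response object used to exercise it offline are assumptions made here.

```javascript
// Added example (not Helmet's code): middleware that sets Cross-Origin-Resource-Policy.
const CORP_HEADER = "Cross-Origin-Resource-Policy";

// The only directive values defined for this header. CORP restricts no-cors
// cross-origin loads of the resource (images, scripts, fonts); it does not
// replace X-Frame-Options or frame-ancestors, which govern framing.
const ALLOWED_POLICIES = new Set(["same-origin", "same-site", "cross-origin"]);

// Assumed option shape: { policy: "same-origin" | "same-site" | "cross-origin" }.
// Defaulting to "same-origin" is this example's choice (the strictest value).
function crossOriginResourcePolicy(options = {}) {
  const policy = options.policy === undefined ? "same-origin" : options.policy;
  // Fail at startup rather than silently sending an unknown directive.
  if (typeof policy !== "string" || !ALLOWED_POLICIES.has(policy)) {
    throw new Error(
      `${CORP_HEADER}: invalid policy ${JSON.stringify(policy)}; ` +
        `expected one of ${[...ALLOWED_POLICIES].join(", ")}`
    );
  }
  return function corpMiddleware(req, res, next) {
    res.setHeader(CORP_HEADER, policy);
    next();
  };
}

// Constructed stand-in for an Express response, so the middleware can be
// exercised without starting a server.
function fakeResponse() {
  const headers = {};
  return {
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    getHeader(name) { return headers[name.toLowerCase()]; },
  };
}

// Runs the middleware once and reports what it emitted and whether it
// passed control on.
function applyCorp(options) {
  const res = fakeResponse();
  let nextCalled = false;
  crossOriginResourcePolicy(options)({}, res, () => { nextCalled = true; });
  return { header: res.getHeader(CORP_HEADER), nextCalled };
}
```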
Issue Analytics
- Created 5 years ago
- Comments: 14 (9 by maintainers)
Top GitHub Comments
@EvanHahn I found this yesterday, it might help (https://youtu.be/vfAHa5GBLio?t=1217)
@rajeshsusai that link only talks about SameSite cookies, and not the Cross-Origin-Resource-Policy HTTP header. CORP has been available in Chrome since v73.