Skip to content

Commit

Permalink
Merge pull request #40 from microsoft/joh/christian-tiger
Browse files Browse the repository at this point in the history 
make sure to set `CORP`-header on all resources
  • Loading branch information
@aeschli
aeschli authored Sep 5, 2022
2 parents 8e8df32 + a8d409e commit 3010a97
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/server/app.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ export default async function createApp(config: IConfig): Promise<Koa> {

// COI
app.use((ctx, next) => {
// set COOP/COEP depending on vscode-coi-flags
const value = ctx.query['vscode-coi'];
if (value === '1') {
ctx.set('Cross-Origin-Opener-Policy', 'same-origin');
Expand All @@ -58,6 +59,9 @@ export default async function createApp(config: IConfig): Promise<Koa> {
ctx.set('Cross-Origin-Opener-Policy', 'same-origin');
ctx.set('Cross-Origin-Embedder-Policy', 'require-corp');
}

// set CORP on all resources
ctx.set('Cross-Origin-Resource-Policy', 'cross-origin')
return next()
})

Expand Down

0 comments on commit 3010a97

Please sign in to comment.