From 3a0fe6968d358569538ee67a16a25e603f38d0b1 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Thu, 15 Apr 2021 18:03:13 +0530
Subject: [PATCH] refine the header fixes for chrome to avoid breaking standalone instances
---
 server.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/server.js b/server.js
index 0b28b2de6..e5e99b285 100644
--- a/server.js
+++ b/server.js
@@ -43,6 +43,7 @@ var canonicalizeOrigin = function (s) {
 }
 if (typeof(config.httpSafeOrigin) !== 'string') {
+ Env.NO_SANDBOX = true;
 if (typeof(config.httpSafePort) !== 'number') {
 config.httpSafePort = config.httpPort + 1;
 }
@@ -112,7 +113,14 @@ var setHeaders = (function () {
 // Don't set CSP headers on /api/config because they aren't necessary and they cause problems
 // when duplicated by NGINX in production environments
- if (/^\/api\/(broadcast|config)/.test(req.url)) { return; }
+ if (/^\/api\/(broadcast|config)/.test(req.url)) {
+ if (!Env.NO_SANDBOX) {
+ applyHeaderMap(res, {
+ "Cross-Origin-Resource-Policy": 'cross-origin',
+ });
+ }
+ return;
+ }
 applyHeaderMap(res, {
 "Cross-Origin-Resource-Policy": 'cross-origin',
 });
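Review bot: `Env.NO_SANDBOX = true;` is assigned without a comment, and nothing in this hunk gives the flag a `false` default, so the later `!Env.NO_SANDBOX` test relies on the property being `undefined` whenever a safe origin is configured. I would initialise it where `Env` is built (not visible here) and add a comment such as `// no separate sandbox origin configured: standalone mode, setHeaders skips CORP on /api/config and /api/broadcast`. Because the guard is `typeof(config.httpSafeOrigin) !== 'string'`, an empty-string `httpSafeOrigin` would presumably not count as standalone; if that is not intended, the canonicalized value should be tested for emptiness as well. A startup log line when the flag is set would also let operators see that the instance is running without a dedicated sandbox origin. The `if` block continues past the end of the hunk.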
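Review bot: The comment above the `/api/(broadcast|config)` check still says only that CSP headers are skipped because NGINX duplicates them, yet the new branch sets `Cross-Origin-Resource-Policy` on exactly those routes whenever `Env.NO_SANDBOX` is unset, which is presumably the proxied production case the comment warns about. It is worth confirming that the reverse-proxy configuration does not add the same header, and extending the comment to explain the exception, e.g. `// CORP is still sent on these routes unless running standalone (Env.NO_SANDBOX)`. The header map is also written out twice; `var isApi = /^\/api\/(broadcast|config)/.test(req.url);` followed by `if (!(isApi && Env.NO_SANDBOX)) { applyHeaderMap(res, { "Cross-Origin-Resource-Policy": 'cross-origin' }); }` and `if (isApi) { return; }` keeps a single copy. The pattern has no end anchor, so any path that merely starts with `/api/config` or `/api/broadcast` also takes the early return and is served without CSP. `setHeaders` begins and ends outside the hunk.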