From a8f53d04fc1825c06aabd9ca4d0c513ffe1b4b02 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Mon, 26 Oct 2020 17:24:35 +0530
Subject: [PATCH] proposed nginx configuration to enable XLSX export without
 disabling print from other apps

---
 docs/example.nginx.conf | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 117eb2cc4..324df90c0 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -57,11 +57,6 @@ server {
     add_header Access-Control-Allow-Origin "*";
     # add_header X-Frame-Options "SAMEORIGIN";
 
-    # Enable SharedArrayBuffer in Firefox (for .xlsx export)
-    add_header Cross-Origin-Resource-Policy cross-origin;
-    add_header Cross-Origin-Opener-Policy same-origin;
-    add_header Cross-Origin-Embedder-Policy require-corp;
-
     # Insert the path to your CryptPad repository root here
     root /home/cryptpad/cryptpad;
     index index.html;
@@ -113,6 +108,14 @@ server {
     if ($uri = "/sheet/inner.html") { set $unsafe 1; }
     if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
 
+    set $coop '';
+    if ($uri ~ ^\/sheet\/.*$) { set $coop 'same-origin'; }
+
+    # Enable SharedArrayBuffer in Firefox (for .xlsx export)
+    add_header Cross-Origin-Resource-Policy cross-origin;
+    add_header Cross-Origin-Opener-Policy $coop;
+    add_header Cross-Origin-Embedder-Policy require-corp;
+
     # everything except the sandbox domain is a privileged scope, as they might be used to handle keys
     if ($host != $sandbox_domain) { set $unsafe 0; }