From ae173d31cbbda8d4c8a0476d7a023d98e41574be Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 15 Apr 2021 15:17:08 +0530 Subject: [PATCH] fix a chrome header issue --- server.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server.js b/server.js index 36ca1a425..0b28b2de6 100644 --- a/server.js +++ b/server.js @@ -106,7 +106,6 @@ var setHeaders = (function () { return function (req, res) { // apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere applyHeaderMap(res, { - "Cross-Origin-Resource-Policy": 'cross-origin', "Cross-Origin-Opener-Policy": /^\/sheet\//.test(req.url)? 'same-origin': '', "Cross-Origin-Embedder-Policy": 'require-corp', }); @@ -114,6 +113,10 @@ var setHeaders = (function () { // Don't set CSP headers on /api/config because they aren't necessary and they cause problems // when duplicated by NGINX in production environments if (/^\/api\/(broadcast|config)/.test(req.url)) { return; } + applyHeaderMap(res, { + "Cross-Origin-Resource-Policy": 'cross-origin', + }); + // targeted CSP, generic policies, maybe custom headers const h = [ /^\/common\/onlyoffice\/.*\/index\.html.*/,