From cfcfe2f65f8bfc9555a99b58dcc8b962d878941a Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Wed, 7 Oct 2020 14:47:43 +0530
Subject: [PATCH] enable APIs for XLSX export in firefox

---
 docs/example.nginx.conf | 5 +++++
 lib/defaults.js         | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 93be85083..0c514e1ef 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -57,6 +57,11 @@ server {
     add_header Access-Control-Allow-Origin "*";
     # add_header X-Frame-Options "SAMEORIGIN";
 
+    # Enable SharedArrayBuffer in Firefox (for .xlsx export)
+    add_header Cross-Origin-Resource-Policy cross-origin;
+    add_header Cross-Origin-Opener-Policy same-origin;
+    add_header Cross-Origin-Embedder-Policy require-corp;
+
     # Insert the path to your CryptPad repository root here
     root /home/cryptpad/cryptpad;
     index index.html;
diff --git a/lib/defaults.js b/lib/defaults.js
index 7119a0c6a..329e16f4c 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -47,7 +47,10 @@ Default.httpHeaders = function () {
     return {
         "X-XSS-Protection": "1; mode=block",
         "X-Content-Type-Options": "nosniff",
-        "Access-Control-Allow-Origin": "*"
+        "Access-Control-Allow-Origin": "*",
+        "Cross-Origin-Resource-Policy": 'cross-origin',
+        "Cross-Origin-Opener-Policy": 'same-origin',
+        "Cross-Origin-Embedder-Policy": 'require-corp',
     };
 };