From e90031b8d126ccdbba4d28cbc0c7a977b3205593 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Thu, 15 Apr 2021 19:43:03 +0530
Subject: [PATCH] refined header fix for standalone instances

---
 server.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server.js b/server.js
index e5e99b285..443c16a52 100644
--- a/server.js
+++ b/server.js
@@ -111,6 +111,12 @@ var setHeaders = (function () {
                 "Cross-Origin-Embedder-Policy": 'require-corp',
             });
 
+            if (Env.NO_SANDBOX) {
+                applyHeaderMap(res, {
+                    "Cross-Origin-Resource-Policy": 'cross-origin',
+                });
+            }
+
             // Don't set CSP headers on /api/config because they aren't necessary and they cause problems
             // when duplicated by NGINX in production environments
             if (/^\/api\/(broadcast|config)/.test(req.url)) {