Open xinaesthete opened 2 years ago
these work in all my production settings?
def add_safe_headers(resp):
resp.headers["Cross-Origin-Opener-Policy"]= "same-origin"
resp.headers["Cross-Origin-Embedder-Policy"]="require-corp"
return resp
mdvbp.after_request(add_safe_headers)
in an nginx config
in nginx
location /static/ {
alias /home/sergeant/mlv_dev/app/static/;
add_header Cross-Origin-Opener-Policy same-origin;
add_header Cross-Origin-Embedder-Policy require-corp;
}
not sure why its not working in your seup
Running the dev server, these headers are indeed set. Perhaps "referrer policy": "strict-origin-when-cross-origin" from the browser is an issue. I tried setting
https: true
indevServer
config, but for some reason then it doesn't seem to serve any content.Using localhost for the time being.