CORS headers / https dev server

Taylor-CCB-Group / MDV

GNU General Public License v3.0

8 stars 6 forks source link

CORS headers / https dev server #3

Open xinaesthete opened 2 years ago

xinaesthete commented 2 years ago

Headers required for SharedArrayBuffer "Cross-Origin-Opener-Policy":"same-origin", "Cross-Origin-Embedder-Policy":"require-corp" These are specified in the dev configs and added to the dev server There is no documentation yet for production builds as this info would need to be added to that

Running the dev server, these headers are indeed set. Perhaps "referrer policy": "strict-origin-when-cross-origin" from the browser is an issue. I tried setting https: true in devServer config, but for some reason then it doesn't seem to serve any content.

Using localhost for the time being.

martinSergeant commented 2 years ago

these work in all my production settings?

def add_safe_headers(resp):
    resp.headers["Cross-Origin-Opener-Policy"]= "same-origin"
    resp.headers["Cross-Origin-Embedder-Policy"]="require-corp"
    return resp

mdvbp.after_request(add_safe_headers)

in an nginx config

in nginx

location /static/ {
           alias /home/sergeant/mlv_dev/app/static/;
           add_header Cross-Origin-Opener-Policy same-origin;
           add_header Cross-Origin-Embedder-Policy require-corp;

        }

not sure why its not working in your seup