I wonder whether we could switch to Cross-Origin-Embedder-Policy: credentialless (currently we set Cross-Origin-Embedder-Policy: require-corp). This would allow IWA developers to send no-cors requests. Currently, they cannot send no-cors requests at all.
I wonder whether we could switch to
Cross-Origin-Embedder-Policy: credentialless
(currently we setCross-Origin-Embedder-Policy: require-corp
). This would allow IWA developers to sendno-cors
requests. Currently, they cannot sendno-cors
requests at all.https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy