Cross-Origin-Embedder-Policy - revisted

I am trying to set up cors values:

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin

It is exactly the same question as @Johan_Rabie asked in a post to this forum, only a couple months ago, in October 2022 here : Cross-Origin-Embedder-Policy

Only problem is that post was closed off after 30 days with no actual answer.

So, does anyone know how to configure that ?

What have you tried? Did you read the docs?

Please fill out the help topic template, as per the forum rules.

Actually - after more testing - it does seem to work straight out of the box . In the current state of my project it is a little difficult to say definitively . But it seems that way :grin:

(init_testsite) {
  tls fullchain1.pem privkey1.pem
  encode zstd gzip
  header {
    Strict-Transport-Security: "max-age=31536000; preload"
    X-Content-Type-Options: "nosniff"
    X-Frame-Options: "DENY"
    X-XSS-Protection: "1; mode=block"
    Referrer-Policy: "strict-origin-when-cross-origin"
    Cross-Origin-Embedder-Policy: "require-corp"
    Cross-Origin-Opener-Policy: "same-origin"
    cache-control: public, max-age=3600

This topic was automatically closed after 30 days. New replies are no longer allowed.