From e58da265ba30654309b51c6d3a2c774b3a8c3463 Mon Sep 17 00:00:00 2001 From: KernelDeimos Date: Thu, 18 Jul 2024 20:58:09 -0400 Subject: [PATCH] try cross-origin isolation only on sites --- src/backend/src/services/WebServerService.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/src/services/WebServerService.js b/src/backend/src/services/WebServerService.js index 633fd297..57fe8b82 100644 --- a/src/backend/src/services/WebServerService.js +++ b/src/backend/src/services/WebServerService.js @@ -392,7 +392,7 @@ class WebServerService extends BaseService { // NOTE: This is put behind a configuration flag because we // need some experimentation to ensure the interface // between apps and Puter doesn't break. - if ( config.cross_origin_isolation ) { + if ( config.cross_origin_isolation && is_site ) { res.setHeader('Cross-Origin-Opener-Policy', 'same-origin'); res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp'); }