codeorigin: add Cross-Origin-Resource-Policy header (#52)

Fixes gh-7 Fixes jquery/codeorigin.jquery.com#57
jquery · Jul 2, 2024 · ea06bd2 · ea06bd2
1 parent 9396ac2
commit ea06bd2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/modules/profile/templates/codeorigin/site.nginx.erb b/modules/profile/templates/codeorigin/site.nginx.erb
@@ -77,6 +77,12 @@ server {
     # responses during revalidation or downtime. Currently 1 year, and 7 days.
     add_header Cache-Control "public, max-age=31536000, stale-while-revalidate=604800";
     add_header Access-Control-Allow-Origin *;
+
+    # Allow users to opt in to Cross-Origin-Embedder-Policy
+    # https://github.com/jquery/infrastructure-puppet/issues/7
+    add_header Cross-Origin-Resource-Policy "cross-origin";
+
+    # Enable GZIP compression
     gzip on;
     gzip_comp_level 9;
     gzip_vary on;

diff --git a/test/CodeoriginTest.php b/test/CodeoriginTest.php
@@ -36,6 +36,7 @@
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
 	'accept-ranges' => 'bytes',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 Unit::testHttp( $server, '/qunit/qunit-2.0.0.css', [], [
@@ -49,6 +50,7 @@
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
 	'accept-ranges' => 'bytes',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 Unit::testHttp( $server, '/ui/1.10.0/themes/base/images/ui-icons_222222_256x240.png', [], [
@@ -61,6 +63,7 @@
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
 	'accept-ranges' => 'bytes',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 Unit::testHttp( $server, '/jquery-2.0.0.min.map', [], [
@@ -73,6 +76,7 @@
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
 	'accept-ranges' => 'bytes',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 // Static asset
@@ -90,6 +94,7 @@
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
 	'accept-ranges' => 'bytes',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 // Gzip Compression
@@ -106,6 +111,7 @@
 	'etag' => '"28feccc0-40464"',
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 Unit::testHttp( $server, '/qunit/qunit-2.0.0.css', [
@@ -120,6 +126,7 @@
 	'etag' => '"28feccc0-1d20"',
 	'cache-control' => 'public, max-age=31536000, stale-while-revalidate=604800',
 	'access-control-allow-origin' => '*',
+	'cross-origin-resource-policy' => 'cross-origin',
 ] );
 
 // Renamed files