Cross-Origin-Embedder-Policy support #1851
Comments
|
Related: #1399 |
|
Any chance this could be looked at anytime soon? I appreciate the team behind the JS library may not have any involvement with the team controlling the report servers, but in that case is there a better place I should be making this request? |
|
Hi @Sora2455, |
|
Hi @Karlie-777 If I've understood correctly, those config options set headers on the request - but I need them set on the response. |
|
@Sora2455 Correct, they are for request headers. For response headers, we've created a task internally, let me get back to you as soon as we have updates! |
Is your feature request related to a problem? Please describe.
When trying to set the Cross-Origin-Embedder-Policy header to "require-corp" on my site, requests to application insights (in particular https://australiaeast-0.in.applicationinsights.azure.com//v2/track) are blocked, as they do not have a Cross-Origin-Resource-Policy header.
Describe the solution you'd like
The application insights endpoints to serve a Cross-Origin-Resource-Policy header of the value "cross-origin".
Describe alternatives you've considered![]()
or <script> tag to get around this problem. However, this is a fetch/XHR request, and one that requires cookies if I understand correctly.
If this was an image or script request, I could add the crossOrigin attribute to the
Additional context
Cross-Origin-Embedder-Policy is needed to enable the security feature cross-site isolation.
The text was updated successfully, but these errors were encountered: