-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cross-Origin-Embedder-Policy support #1851
Comments
Related: #1399 |
Any chance this could be looked at anytime soon? I appreciate the team behind the JS library may not have any involvement with the team controlling the report servers, but in that case is there a better place I should be making this request? |
Hi @Sora2455, |
Hi @Karlie-777 If I've understood correctly, those config options set headers on the request - but I need them set on the response. |
@Sora2455 Correct, they are for request headers. For response headers, we've created a task internally, let me get back to you as soon as we have updates! |
Is your feature request related to a problem? Please describe.
When trying to set the Cross-Origin-Embedder-Policy header to "require-corp" on my site, requests to application insights (in particular https://australiaeast-0.in.applicationinsights.azure.com//v2/track) are blocked, as they do not have a Cross-Origin-Resource-Policy header.
Describe the solution you'd like
The application insights endpoints to serve a Cross-Origin-Resource-Policy header of the value "cross-origin".
Describe alternatives you've considered
or <script> tag to get around this problem. However, this is a fetch/XHR request, and one that requires cookies if I understand correctly.
If this was an image or script request, I could add the crossOrigin attribute to the
Additional context
Cross-Origin-Embedder-Policy is needed to enable the security feature cross-site isolation.
The text was updated successfully, but these errors were encountered: