CORS headers on iframe

[Sparkenstein]

I am using sandpack in a dekstop application. I have enabled Cross-Origin Embedder Policy (COEP). So if my application has any more iframes, all the requests in iframes need to have this policy enabled as well.

How do enable this with sandpack? do I have to host the bundler myself? here's the full network error:

Because your site has the Cross-Origin Embedder Policy (COEP) enabled, each embedded iframe must also specify this policy. This behavior protects private data from being exposed to untrusted third party sites.
To solve this, add one of following to the embedded frame’s HTML response header:
  Cross-Origin-Embedder-Policy: require-corp
  Cross-Origin-Embedder-Policy: credentialless (Chrome > 96)

[DeMoorJasper]

I think you'd have to host the bundler yourself, or proxy the requests to the bundler.

We can maybe enable the Cross-Origin-Embedder-Policy: require-corp header on our servers but I think that might also affect the code that is actually running inside the iframe as well so I'm not sure if we should enable it.

[Sparkenstein]

You are right. you shouldn't make this change. I will look into hosting it myself.