From 5be2397e191e60810978cec3365b111fe4475cf9 Mon Sep 17 00:00:00 2001 From: goutamdh Date: Sat, 6 Jan 2024 22:06:19 +0530 Subject: [PATCH] feat: Set Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers This commit adds security headers to the server response to enable cross-origin isolation for shared memory operations in the p5.js editor. --- server/previewServer.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/previewServer.js b/server/previewServer.js index ea8d03d657..78f60b8874 100644 --- a/server/previewServer.js +++ b/server/previewServer.js @@ -45,7 +45,11 @@ const corsMiddleware = cors({ credentials: true, origin: allowedCorsOrigins }); -app.use(corsMiddleware); +app.use((req, res, next) => { + res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp'); + res.setHeader('Cross-Origin-Opener-Policy', 'same-origin'); + corsMiddleware(req, res, next); +}); // Enable pre-flight OPTIONS route for all end-points app.options('*', corsMiddleware);