Table of Contents
- Browser Compatibility
- How to modify Cross-Origin-Resource-Policy header

The Cross-Origin-Resource-Policy (CORP) header is a security feature that allows a server to restrict which websites can access its resources. In essence, this header provides a mechanism to mitigate cross-origin data leaks. It is important for web security, particularly in preventing a resource from being loaded by scripts or tags on pages that do not share its origin.
The essential directives for the Cross-Origin-Resource-Policy header are:
- same-origin: Only the same origin can access the resource. Use this directive when the contents of a resource should not be accessible from other origins.
- same-site: Only the same site can access the resource.
- cross-origin: Any site can access the resource.
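// For same-origin policy
Cross-Origin-Resource-Policy: same-origin
// For same-site policy
Cross-Origin-Resource-Policy: same-site
// For cross-origin policy allowing all sites
Cross-Origin-Resource-Policy: cross-origin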
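As an added illustration (not code from the original page), the following JavaScript models how a browser applies the three directives when a page embeds a resource with a no-cors request. The function names, the sample URLs and the two-label approximation of a "site" are assumptions made for this example.

```javascript
// Added example: models the browser's CORP check for a no-cors subresource load.
// Assumptions: the embedding page sets no Cross-Origin-Embedder-Policy, and a
// "site" is approximated by the last two host labels. Real browsers use the
// Public Suffix List, so hosts under suffixes such as co.uk are not handled.
const KNOWN_POLICIES = new Set(['same-origin', 'same-site', 'cross-origin']);

function siteOf(hostname) {
  const labels = hostname.split('.');
  return labels.length <= 2 ? hostname : labels.slice(-2).join('.');
}

// pageUrl: document making the request; resourceUrl: resource being embedded;
// headerValue: the resource's Cross-Origin-Resource-Policy value, or null if absent.
function corpDecision(pageUrl, resourceUrl, headerValue) {
  const page = new URL(pageUrl);
  const resource = new URL(resourceUrl);
  if (page.origin === resource.origin) return 'allowed'; // same origin always passes

  const policy = typeof headerValue === 'string' ? headerValue.trim() : null;
  // A missing or unrecognised value places no restriction on the load.
  if (policy === null || !KNOWN_POLICIES.has(policy)) return 'allowed';
  if (policy === 'cross-origin') return 'allowed';
  if (policy === 'same-origin') return 'blocked'; // origins already known to differ

  // same-site: the hosts must share a site, and an http page may not embed
  // an https resource even when the hosts match.
  const sameSite = siteOf(page.hostname) === siteOf(resource.hostname);
  const schemeOk = page.protocol === 'https:' || resource.protocol !== 'https:';
  return sameSite && schemeOk ? 'allowed' : 'blocked';
}

// Constructed sample loads: [page, resource, header value sent with the resource]
const SAMPLES = [
  ['https://app.example.com/', 'https://app.example.com/me.json', 'same-origin'],
  ['https://app.example.com/', 'https://cdn.example.com/logo.png', 'same-origin'],
  ['https://app.example.com/', 'https://cdn.example.com/logo.png', 'same-site'],
  ['http://app.example.com/', 'https://cdn.example.com/logo.png', 'same-site'],
  ['https://other.test/', 'https://cdn.example.com/logo.png', 'same-site'],
  ['https://other.test/', 'https://cdn.example.com/logo.png', 'cross-origin'],
  ['https://other.test/', 'https://cdn.example.com/logo.png', null],
];

function evaluateSamples() {
  return SAMPLES.map(([page, resource, header]) =>
    `${corpDecision(page, resource, header)}  ${header ?? '(none)'}  ${page} -> ${resource}`);
}

console.log(evaluateSamples().join('\n'));
```

The last sample shows why the header has to be set explicitly: a resource served without it is loadable from any origin under these assumptions.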
How to modify Cross-Origin-Resource-Policy header
ModHeader is a useful utility that allows manually adding, modifying or deleting HTTP response headers. To change the Cross-Origin-Resource-Policy header, open ModHeader and click on the 'plus' icon to create a new profile. In the new profile, add "Cross-Origin-Resource-Policy" in the 'Name' field and your desired policy (such as "same-origin") in the 'Value' field. Hit 'Save' to apply the changes. Now, the responses your browser receives in the current session will carry this modified header, which helps in testing how your application responds to different Cross-Origin-Resource-Policy values.