Cross-Origin-Resource-Policy Header
Table of Contents
- Syntax
- Directives
- Examples
- Browser Compatibility
- How to modify Cross-Origin-Resource-Policy header

The Cross-Origin-Resource-Policy (CORP) header is a security feature that allows a server to restrict which origins may load its resources. In essence, this header provides a mechanism to mitigate cross-origin data leaks. It is important for web security, particularly in preventing a response from being loaded into scripts or tags on pages that do not share its origin.
Syntax
Cross-Origin-Resource-Policy: same-origin
Directives
The essential directives for the Cross-Origin-Resource-Policy header include:

same-origin
: This allows the resource to be accessed only by the same origin. If the contents of a specific resource shouldn't be accessible from other origins, this directive is the appropriate choice.

same-site
: This allows the resource to be accessed by the same site.

cross-origin
: This allows any site to access the resource.
Examples
// For same-origin policy
Cross-Origin-Resource-Policy: same-origin
// For same-site policy
Cross-Origin-Resource-Policy: same-site
// For cross-origin policy allowing all sites
Cross-Origin-Resource-Policy: cross-origin
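To make the three directives above concrete, the following is an added example (not code from ModHeader or from any browser) that models the check a browser performs when a document on one origin loads a resource whose response carries a Cross-Origin-Resource-Policy header. The sample origins (`static.example.com`, `www.example.com`, `other-site.example`) are constructed for illustration, and `registrableDomain` is a deliberate simplification that takes the last two host labels instead of consulting the Public Suffix List.

```javascript
// Added example: a model of the browser-side Cross-Origin-Resource-Policy check.
// Written to illustrate the same-origin / same-site / cross-origin directives;
// it is not the code of any browser or of ModHeader.

const CORP_VALUES = new Set(["same-origin", "same-site", "cross-origin"]);

// Simplified registrable domain: the last two host labels (assumption for this
// example). Real browsers use the Public Suffix List, so hosts such as
// "a.co.uk" and "b.co.uk" would be treated as different sites there.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

// Break an origin string into the parts the check needs.
function parseOrigin(originString) {
  const url = new URL(originString);
  return {
    scheme: url.protocol.replace(":", ""),
    host: url.hostname,
    origin: url.origin, // scheme + host + port, default ports dropped
  };
}

// Schemeful same-site: same scheme AND same registrable domain. An https
// resource is therefore not same-site with an http page on the same domain.
function sameSite(a, b) {
  return a.scheme === b.scheme &&
    registrableDomain(a.host) === registrableDomain(b.host);
}

// Returns true when the embedding document is allowed to load the resource and
// false when the load would be blocked. `policy` is the raw header value, or
// null when the response carried no Cross-Origin-Resource-Policy header.
function corpAllows(policy, resourceOrigin, embedderOrigin) {
  const resource = parseOrigin(resourceOrigin);
  const embedder = parseOrigin(embedderOrigin);
  const value = policy == null ? null : policy.trim();

  // No header, or an unrecognised value: the header imposes no restriction.
  if (value === null || !CORP_VALUES.has(value)) return true;
  if (value === "cross-origin") return true;
  if (value === "same-origin") return resource.origin === embedder.origin;
  return sameSite(resource, embedder); // value === "same-site"
}

// Given a policy and a list of candidate embedding pages, report which pages
// would be blocked from loading the resource. Useful when deciding which
// directive a static-asset host should send.
function blockedEmbedders(policy, resourceOrigin, embedderOrigins) {
  return embedderOrigins.filter((e) => !corpAllows(policy, resourceOrigin, e));
}

// Constructed scenario: an asset host and several pages that try to embed it.
const RESOURCE = "https://static.example.com";
const EMBEDDERS = [
  "https://static.example.com", // same origin
  "https://www.example.com",    // same site, different origin
  "http://www.example.com",     // same domain, but http (scheme differs)
  "https://other-site.example", // unrelated site
];

for (const policy of ["same-origin", "same-site", "cross-origin"]) {
  console.log(`${policy}: blocks ${JSON.stringify(blockedEmbedders(policy, RESOURCE, EMBEDDERS))}`);
}
```

Running the block prints, for each directive, the pages that would be refused: `same-origin` blocks everything except the asset host itself, `same-site` additionally admits `https://www.example.com` but still refuses the `http://` page because the scheme differs, and `cross-origin` blocks nothing.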
Browser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Supported |
| Safari | Not Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Cross-Origin-Resource-Policy header
ModHeader is a useful utility that allows manually adding, modifying or deleting HTTP response headers. To change the Cross-Origin-Resource-Policy header, open ModHeader and click the 'plus' icon to create a new profile. In the new profile, enter "Cross-Origin-Resource-Policy" in the 'Name' field and your desired policy (such as "same-origin") in the 'Value' field. Hit 'Save' to apply the changes. ModHeader will then apply this modified header within your current browser session, which helps in testing how your application responds to different Cross-Origin-Resource-Policy values.