Add Cross-Origin-Resource-Policy header to script

Hey Plausible devs, I am trying to embed the `plausible.js` onto a page that has the [`require-corp`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy) header set, which means that for every resource that is loaded they must be clearly marked as cross-origin OK. The tracker script response currently doesn't have that header set, so I can't load it right now. This would solve that.
2024-11-24 04:32:57 +03:00 · 2020-11-18 07:30:43 +01:00 · 2020-11-18 07:30:43 +01:00 · 2b1dcd99d3
commit 2b1dcd99d3
parent 6cd963ab35
1 changed files with 1 additions and 0 deletions
--- a/lib/plausible_web/plugs/tracker.ex
+++ b/lib/plausible_web/plugs/tracker.ex
@ -47,6 +47,7 @@ defmodule PlausibleWeb.Tracker do
    conn
    |> put_resp_header("cache-control", "max-age=#{@max_age},public")
    |> put_resp_header("content-type", "application/javascript")
+    |> put_resp_header("cross-origin-resource-policy", "cross-origin")
    |> send_resp(200, file)
    |> halt()
  end