Cross-Origin-Resource-Policy

Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break PDF rendering, preventing visitors from reading past the first page of some PDFs. Use this header with caution in a production environment.

The Cross-Origin-Resource-Policy HTTP response header conveys a desire that the browser block no-cors cross-origin and/or cross-site requests to the given resource.

Header type: Response header
Forbidden header name: no

Syntax

Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin

Examples

The response header below can cause compatible user agents to disallow cross-origin no-cors requests:

Cross-Origin-Resource-Policy: same-origin

For more examples, see https://resourcepolicy.fyi/.
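
The following is an added example, not code from the original page or from any browser: a simplified model of the check a compatible user agent runs for each of the three header values, going beyond the single same-origin case shown above. It assumes no Cross-Origin-Embedder-Policy is in effect, and the site() helper is a hypothetical stand-in that treats the last two host labels as the registrable domain (real browsers use the Public Suffix List). All origins and URLs are constructed sample values.

```javascript
// ASSUMPTION: registrable domain = last two host labels. Browsers use the
// Public Suffix List, so hosts under suffixes like co.uk need a PSL library.
function site(host) {
  return host.split(".").slice(-2).join(".");
}

// requestOrigin: origin of the document making the request
// resourceUrl:   URL of the resource being fetched
// mode:          request mode ("no-cors" for <img>, <script>; "cors" for CORS fetches)
// corpHeader:    Cross-Origin-Resource-Policy value on the response, or null if absent
function corpCheck(requestOrigin, resourceUrl, mode, corpHeader) {
  // The header only governs no-cors requests; CORS requests follow CORS rules.
  if (mode !== "no-cors") return "allowed";

  // Values other than the three exact tokens are treated as if no header was sent.
  const known = ["same-origin", "same-site", "cross-origin"];
  const policy = known.includes(corpHeader) ? corpHeader : null;
  if (policy === null || policy === "cross-origin") return "allowed";

  const req = new URL(requestOrigin);
  const res = new URL(resourceUrl);

  if (policy === "same-origin") {
    // Scheme, host and port must all match.
    return req.origin === res.origin ? "allowed" : "blocked";
  }

  // same-site: same registrable domain, and an insecure (http:) document
  // may not load a resource that was served over https:.
  const sameSite = site(req.hostname) === site(res.hostname);
  const schemeOk = req.protocol === "https:" || res.protocol !== "https:";
  return sameSite && schemeOk ? "allowed" : "blocked";
}

// Constructed sample requests for one resource on cdn.example.com.
const resource = "https://cdn.example.com/report.png";
for (const [origin, header] of [
  ["https://cdn.example.com", "same-origin"],
  ["https://app.example.com", "same-origin"],
  ["https://app.example.com", "same-site"],
  ["http://app.example.com", "same-site"],
  ["https://other.test", "same-site"],
  ["https://other.test", "cross-origin"],
]) {
  console.log(origin, header, "->", corpCheck(origin, resource, "no-cors", header));
}
```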

Specifications

Specification: Fetch
Status: Living Standard
Comments: Initial definition

Browser compatibility

Desktop

Chrome: Full support from version 73.
  Note: Until version 75, downloads for files with this header would fail in Chrome. See bug 952834.
  Note: From version 80, linearized PDFs served inline with this header fail to render properly. See bug 1074261.
Edge: Full support from version 79.
Firefox: Full support from version 74.
  From version 69 (disabled): this feature is behind the browser.tabs.remote.useCORP preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Internet Explorer: No support.
Opera: No support.
Safari: Full support from version 12.

Mobile

Android WebView: Full support from version 73.
  Note: Until version 75, downloads for files with this header would fail in WebView. See bug 952834.
  Note: From version 80, linearized PDFs served inline with this header fail to render properly. See bug 1074261.
Chrome for Android: Full support from version 73.
  Note: Until version 75, downloads for files with this header would fail in Chrome. See bug 952834.
  Note: From version 80, linearized PDFs served inline with this header fail to render properly. See bug 1074261.
Firefox for Android: No support.
Opera for Android: No support.
Safari on iOS: Full support from version 12.
Samsung Internet: No support.


See also