Add CORS support to widget

giscus · Feb 11, 2024 · 714fdb9 · 714fdb9
1 parent a8fcda0
commit 714fdb9
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,13 @@ writing, this is a rolling-release project without any meaningful versioning
 whatsoever. Tags/releases may be created for the sole purpose of documenting
 major updates to the project.
 
+## 2024-02-11
+
+### Added
+
+- Add Cross-Origin Resource Policy support
+  ([#1309](https://github.com/giscus/giscus/pull/1309)).
+
 ## 2024-02-10
 
 ### Added

diff --git a/pages/widget.tsx b/pages/widget.tsx
@@ -37,6 +37,9 @@ export async function getServerSideProps({ query, res }: GetServerSidePropsConte
 
   const repoConfig = await getRepoConfig(repo, token);
 
+  // Opt into CORS. See: https://web.dev/articles/coop-coep
+  res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin');
+
   if (!assertOrigin(originHost, repoConfig)) {
     res.setHeader('Content-Security-Policy', `frame-ancestors 'none';`);
     res.setHeader('X-Frame-Options', 'DENY');