Cross-Origin-Resource-Policy - HTTP 编辑
Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break PDF rendering, preventing visitors from being able to read past the first page of some PDFs. Due to a bug in Firefox, setting Cross-Origin-Resource-Policy can prevent some resources (such as PDFs) from being downloaded in some circumstances. Exercise caution using this header in a production environment.
The HTTP Cross-Origin-Resource-Policy
response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin
Examples
The response header below will cause compatible user agents to disallow cross-origin no-cors requests:
Cross-Origin-Resource-Policy: same-origin
For more examples, see https://resourcepolicy.fyi/.
Specifications
Specification | Status | Comment |
---|---|---|
Fetch | Living Standard | Initial definition |
Browser compatibility
BCD tables only load in the browser
See also
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论