Cross-Origin-Resource-Policy

Jump to:
  1. Syntax
  2. Examples
  3. Specifications
  4. Browser compatibility
  5. See also

Доброволците ни все още не са превели статията на Български. Присъединете се и помогнете да свършим тая работа!
Можете да прочетете статията и на English (US).

Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break file downloads, preventing visitors using Save as or Save image as on resources with the CORP header. Exercise caution when deciding to use this feature in a production environment.

The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser block no-cors cross-origin/cross-site requests to the given resource.

Header type Response header
Forbidden header name no

Syntax

Cross-Origin-Resource-Policy: same-site | same-origin

Examples

The response header below will cause compatible user agents to disallow cross-origin no-cors requests:

Cross-Origin-Resource-Policy: same-origin

Specifications

Specification Status Comment
Fetch Living Standard Initial definition

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Cross-Origin-Resource-PolicyChrome Full support 73Edge No support NoFirefox No support NoIE No support NoOpera No support NoSafari Full support 12WebView Android Full support 73Chrome Android Full support 73Edge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS Full support 12Samsung Internet Android No support No

Legend

Full support  
Full support
No support  
No support

See also

Етикети за документа и сътрудници

Етикети: 
Допринесли за тази страница: lol768, Malvoz
Последно обновяване от: lol768,