이 문서는 아직 자원 봉사자들이 한국어로 번역하지 않았습니다. 참여해서 번역을 마치도록 도와 주세요!
English (US)의 문서도 읽어보세요.

Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break file downloads, preventing visitors using Save as or Save image as on resources with the CORP header. Exercise caution when deciding to use this feature in a production environment.

The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser block no-cors cross-origin/cross-site requests to the given resource.

Header type Response header
Forbidden header name no

Syntax

Cross-Origin-Resource-Policy: same-site | same-origin

Examples

The response header below will cause compatible user agents to disallow cross-origin no-cors requests:

Cross-Origin-Resource-Policy: same-origin

Specifications

Specification Status Comment
Fetch Living Standard Initial definition

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Cross-Origin-Resource-PolicyChrome Full support 73Edge No support NoFirefox No support NoIE No support NoOpera No support NoSafari Full support 12WebView Android Full support 73Chrome Android Full support 73Edge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS Full support 12Samsung Internet Android No support No

Legend

Full support  
Full support
No support  
No support

See also

문서 태그 및 공헌자

이 페이지의 공헌자: lol768, Malvoz
최종 변경자: lol768,