Nossos voluntários ainda não traduziram este artigo para o Português (do Brasil). Junte-se a nós e ajude-nos a fazer o trabalho!
Você também pode ler o artigo em English (US).
Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break file downloads, preventing visitors using Save as or Save image as on resources with the CORP header. Exercise caution when deciding to use this feature in a production environment.
The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser block no-cors cross-origin/cross-site requests to the given resource.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
Cross-Origin-Resource-Policy: same-site | same-origin | cross-site
Examples
The response header below will cause compatible user agents to disallow cross-origin no-cors requests:
Cross-Origin-Resource-Policy: same-origin
Specifications
| Specification | Status | Comment |
|---|---|---|
| Fetch | Living Standard | Initial definition |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Cross-Origin-Resource-Policy | Chrome
Full support
73
| Edge No support No | Firefox Full support 69 | IE No support No | Opera No support No | Safari Full support 12 | WebView Android
Full support
73
| Chrome Android
Full support
73
| Firefox Android No support No | Opera Android No support No | Safari iOS Full support 12 | Samsung Internet Android No support No |
Legend
- Full support
- Full support
- No support
- No support
- See implementation notes.
- See implementation notes.