Nossos voluntários ainda não traduziram este artigo para o Português (do Brasil). Junte-se a nós e ajude-nos a fazer o trabalho!
Você também pode ler o artigo em English (US).

Note: Due to a bug in Chrome, setting Cross-Origin-Resource-Policy can break file downloads, preventing visitors using Save as or Save image as on resources with the CORP header. Exercise caution when deciding to use this feature in a production environment.

The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser block no-cors cross-origin/cross-site requests to the given resource.

Header type Response header
Forbidden header name no

Syntax

Cross-Origin-Resource-Policy: same-site | same-origin

Examples

The response header below will cause compatible user agents to disallow cross-origin no-cors requests:

Cross-Origin-Resource-Policy: same-origin

Specifications

Specification Status Comment
Fetch Living Standard Initial definition

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Cross-Origin-Resource-PolicyChrome Full support 73Edge No support NoFirefox No support NoIE No support NoOpera No support NoSafari Full support 12WebView Android Full support 73Chrome Android Full support 73Edge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS Full support 12Samsung Internet Android No support No

Legend

Full support  
Full support
No support  
No support

See also

Etiquetas do documento e colaboradores

Colaboradores desta página: lol768, Malvoz
Última atualização por: lol768,