Cross-Origin-Resource-Policy

HTTP Cross-Origin-Resource-Policy 响应标头表示期望浏览器阻止对给定资源在 no-cors 模式下的跨源或跨站点请求。

标头类型 响应标头
禁止修改的标头

语法

http
Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin

示例

以下响应标头将导致兼容的用户代理拒绝 no-cors 模式下的跨源请求:

http
Cross-Origin-Resource-Policy: same-origin

有关更多示例,请参阅 https://resourcepolicy.fyi/

规范

Specification
Fetch
# cross-origin-resource-policy-header

浏览器兼容性

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
Cross-Origin-Resource-Policy

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
See implementation notes.

参见