-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove Cross-Origin-*-Policy headers (#695)
These headers were introduced to enable embedding Playground on sites where CORP headers are set. However, choosing a header value like require-corp or credentialless has consequences for both sites trying to embed Playground, and the sites Playground wants to embed. In particular, it broke YouTube embeds (#411). Let's rollback these headers for now. Embedding Playground should still be possible on sites with CORP headers by using a credentialless iframe: [Chrome developer blog](https://developer.chrome.com/blog/iframe-credentialless/) says: > We're introducing <iframe credentialless> to help embed third-party iframes that don't set COEP Credentialless iframes generate ephemeral contexts for cookies and storage that are destroyed once the user navigates away from the top-level page. For the most part, it doesn't matter in Playground. In the future we might see a use-case for preserving the state of Playground embedded in a credentialless iframe. Let's revisit these headers if and when that happens,. Solves #411 Related to #586
- Loading branch information
Showing
5 changed files
with
0 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters