From fe66815ddfe2683523c7967f20908eac769f2bcc Mon Sep 17 00:00:00 2001
From: netpro2k
Date: Wed, 23 Feb 2022 18:09:11 -0800
Subject: [PATCH] Add cross-origin headers required for SABs

---
 lib/ret_web/router.ex | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/ret_web/router.ex b/lib/ret_web/router.ex
index d98429be4..fa5009584 100644
--- a/lib/ret_web/router.ex
+++ b/lib/ret_web/router.ex
@@ -4,12 +4,20 @@ defmodule RetWeb.Router do
 use Sentry.Plug

 pipeline :secure_headers do
- plug(:put_secure_browser_headers)
+ plug(:put_secure_browser_headers, %{
+ "cross-origin-opener-policy" => "same-origin",
+ "cross-origin-resource-policy" => "require-corp"
+ })
+
 plug(RetWeb.Plugs.AddCSP)
 end

 pipeline :strict_secure_headers do
- plug(:put_secure_browser_headers)
+ plug(:put_secure_browser_headers, %{
+ "cross-origin-opener-policy" => "same-origin",
+ "cross-origin-resource-policy" => "require-corp"
+ })
+
 plug(RetWeb.Plugs.AddCSP, strict: true)
 end
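Review bot: In both pipelines the second added header is named `cross-origin-resource-policy` but carries `require-corp`, which is a Cross-Origin-Embedder-Policy value; Cross-Origin-Resource-Policy only defines `same-site`, `same-origin` and `cross-origin`. Cross-origin isolation, the precondition for SharedArrayBuffer, needs COOP `same-origin` together with COEP, so as written the responses are presumably not isolated and the CORP value is likely ignored as unrecognised. The entry should read `"cross-origin-embedder-policy" => "require-corp"` in both `:secure_headers` and `:strict_secure_headers`. Once COEP is really in force, cross-origin subresources without CORP or CORS headers will be blocked, so the asset and media origins these pipelines serve pages for are worth checking before rollout. Because the map is repeated verbatim, a single module attribute passed to both `plug` calls would keep the two pipelines from drifting apart; the module body continues outside the hunk.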