socket-function 0.77.0 → 0.78.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SocketFunction.ts +4 -0
- package/package.json +1 -1
- package/src/callHTTPHandler.ts +1 -2
package/SocketFunction.ts
CHANGED
|
@@ -65,6 +65,10 @@ export class SocketFunction {
|
|
|
65
65
|
|
|
66
66
|
public static HTTP_COMPRESS = false;
|
|
67
67
|
|
|
68
|
+
// If you have HTTP resources that require cookies you might to set `SocketFunction.COEP = "require-corp"`
|
|
69
|
+
// - Cross-origin-resource-policy.
|
|
70
|
+
public static COEP = "credentialless";
|
|
71
|
+
|
|
68
72
|
// In retrospect... dynamically changing the wire serializer is a BAD idea. If any calls happen
|
|
69
73
|
// before it is changed, things just break. Also, it needs to be changed on both sides,
|
|
70
74
|
// or else things break. Also, it is very hard to detect when the issue is different serializers
|
package/package.json
CHANGED
package/src/callHTTPHandler.ts
CHANGED
|
@@ -65,8 +65,7 @@ export async function httpCallHandler(request: http.IncomingMessage, response: h
|
|
|
65
65
|
{
|
|
66
66
|
response.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload");
|
|
67
67
|
response.setHeader("Cross-Origin-Opener-Policy", "same-origin-allow-popups");
|
|
68
|
-
|
|
69
|
-
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
|
|
68
|
+
response.setHeader("Cross-Origin-Embedder-Policy", SocketFunction.COEP);
|
|
70
69
|
|
|
71
70
|
let origin = request.headers.origin || request.headers.referer;
|
|
72
71
|
let allowed = false;
|