From 3d1ea12f05332a0c414366eb50e2fcfcb3a99f2f Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 4 Jul 2024 21:04:29 +0200
Subject: add cross-origin-resource-policy header
---
 netlify.toml | 1 +
 vercel.json | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/netlify.toml b/netlify.toml
index ec51225..88a3cba 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -23,6 +23,7 @@ Strict-Transport-Security = "max-age=63072000; includeSubdomains"
 # openssl dgst -sha256 -binary < templates/style.css.html | openssl enc -base64
 # and paste the output after sha256-
 Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'sha256-p5EfRIhWJi7Zh7WJil3mpIVCZvcu+zebWbMe6B0so8A='; form-action 'none'; base-uri 'self'; frame-ancestors 'none'"
+Cross-Origin-Resource-Policy = "same-site"
 Cache-Control = '''
 max-age=300,
 s-maxage=86400,
diff --git a/vercel.json b/vercel.json
index c23d334..4e5615b 100644
--- a/vercel.json
+++ b/vercel.json
@@ -24,6 +24,10 @@
 "key": "X-XSS-Protection",
 "value": "1; mode=block"
 },
+ {
+ "key": "Cross-Origin-Resource-Policy",
+ "value": "same-site"
+ },
 {
 "key": "Referrer-Policy",
 "value": "strict-origin-when-cross-origin"
-- 
cgit 1.4.1
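Review bot: `same-site` on the added `Cross-Origin-Resource-Policy` line still lets any origin within the same site (scheme plus registrable domain) load these resources in no-cors mode, which is looser than the rest of this header set (`default-src 'none'`, `frame-ancestors 'none'`). If no sibling subdomain embeds assets from this site, `Cross-Origin-Resource-Policy = "same-origin"` is the least-privilege value; if one does, a comment above the line such as `# same-site: assets are embedded by <sibling host>` would record why the wider value is needed. The same value is added in the vercel.json hunk, where JSON has no comment syntax, so the reason would have to go in the commit message instead. The header table this line belongs to starts outside the hunk, so which paths it covers cannot be confirmed from here.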