From 6f34e961117e756394dc65be3c28db82cbcb145c Mon Sep 17 00:00:00 2001
From: retoor <retoor@molodetz.nl>
Date: Tue, 8 Jul 2025 23:35:31 +0200
Subject: [PATCH] Update middleware.

---
 src/snek/system/middleware.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/snek/system/middleware.py b/src/snek/system/middleware.py
index 993051a..449f4d9 100644
--- a/src/snek/system/middleware.py
+++ b/src/snek/system/middleware.py
@@ -69,4 +69,9 @@ async def cors_middleware(request, handler):
     response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
     response.headers["Access-Control-Allow-Headers"] = "*"
     response.headers["Access-Control-Allow-Credentials"] = "true"
+    response.headers["Cross-Origin-Opener-Policy"] = "same-origin"
+    # Uncomment ONE of the following two lines, as needed:
+    # response.headers["Cross-Origin-Embedder-Policy"] = "require-corp"
+    response.headers["Cross-Origin-Embedder-Policy"] = "credentialless"
+ 
     return response