From 2ff4d6a4e633e479568572090eb6a16074103cd9 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 7 Jul 2025 17:29:49 +0100
Subject: [PATCH] Add Cross-Origin-Opener-Policy header

Reported-by: Sam Jose <samjosep512@gmail.com>
---
 config/initializers/policy_headers.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 config/initializers/policy_headers.rb

diff --git a/config/initializers/policy_headers.rb b/config/initializers/policy_headers.rb
new file mode 100644
index 000000000..bfe8bc755
--- /dev/null
+++ b/config/initializers/policy_headers.rb
@@ -0,0 +1,19 @@
+module OpenStreetMap
+  module Rack
+    class PolicyHeaders
+      COOP_HEADER = "Cross-Origin-Opener-Policy".freeze
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        status, headers, response = @app.call(env)
+        headers[COOP_HEADER] = "same-origin" unless headers.key?(COOP_HEADER)
+        [status, headers, response]
+      end
+    end
+  end
+end
+
+Rails.configuration.middleware.use OpenStreetMap::Rack::PolicyHeaders
-- 
2.39.5