From 2ff4d6a4e633e479568572090eb6a16074103cd9 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 7 Jul 2025 17:29:49 +0100 Subject: [PATCH] Add Cross-Origin-Opener-Policy header Reported-by: Sam Jose --- config/initializers/policy_headers.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 config/initializers/policy_headers.rb diff --git a/config/initializers/policy_headers.rb b/config/initializers/policy_headers.rb new file mode 100644 index 000000000..bfe8bc755 --- /dev/null +++ b/config/initializers/policy_headers.rb @@ -0,0 +1,19 @@ +module OpenStreetMap + module Rack + class PolicyHeaders + COOP_HEADER = "Cross-Origin-Opener-Policy".freeze + + def initialize(app) + @app = app + end + + def call(env) + status, headers, response = @app.call(env) + headers[COOP_HEADER] = "same-origin" unless headers.key?(COOP_HEADER) + [status, headers, response] + end + end + end +end + +Rails.configuration.middleware.use OpenStreetMap::Rack::PolicyHeaders -- 2.39.5