The HTTP Cross-Origin-Resource-Policy response header indicates that the server wants the client to block no-cors cross-origin and cross-site HTTP requests for the resource.
The HTTP Cross-Origin-Resource-Policy response header is sent by the server to instruct the client to block access to a specific resource. This is intended to protect resources against certain types of attacks.
There are three directives: same-origin, same-site, and cross-origin.
The same-origin directive isolates the browsing context such that it is available only to documents of the same origin. No cross-origin document will be accessed within the same browsing context. For example, www.example.re is of a different origin than dev.example.re and thus cannot rely on resources when the same-origin directive is present. To do so, use the same-site directive instead.
The same-site directive isolates the browsing context such that it is available only to documents that belong to the same site. It otherwise restricts cross-origin documents.
When the cross-origin directive is specified, it removes any cross-origin restrictions. This is useful for situations where a client hosts resources that other people or organizations depend on.
In this example, the server directs clients to disallow cross-origin no-cors HTTP requests.
The Cross-Origin-Resource-Policy response header is sent by the server to instruct the client to block access to the resource. Specifically, cross-origin no-cors access shall be disallowed.
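The following is an added example, not part of the original page: a small model of the decision a browser makes for each of the three directives, using the www.example.re and dev.example.re hosts from the text above. The function names are hypothetical, and the registrable domain is approximated as the last two host labels, whereas browsers consult the Public Suffix List.

```javascript
// Added example: models the Cross-Origin-Resource-Policy check applied to a
// response. Function names are hypothetical, not a browser or library API.

// Assumption: the site (registrable domain) is the last two host labels.
// Real browsers use the Public Suffix List, so "example.co.uk" would be
// handled incorrectly here.
function registrableDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// Returns true if a document at initiatorUrl may load resourceUrl when the
// response carries the given policy value (null when the header is absent).
function corpAllows(policy, initiatorUrl, resourceUrl, mode = 'no-cors') {
  // The header only governs no-cors requests; CORS-mode requests are
  // controlled by the CORS protocol instead.
  if (mode !== 'no-cors') return true;

  const initiator = new URL(initiatorUrl);
  const resource = new URL(resourceUrl);

  switch (policy) {
    case 'same-origin':
      // Scheme, host and port must all match.
      return initiator.origin === resource.origin;
    case 'same-site': {
      const sameSite =
        registrableDomain(initiator.hostname) ===
        registrableDomain(resource.hostname);
      // An insecure (http) document does not count as same-site with a
      // resource served over https.
      const schemeOk =
        initiator.protocol === 'https:' || resource.protocol !== 'https:';
      return sameSite && schemeOk;
    }
    case 'cross-origin':
      return true;
    default:
      // Header absent or value not recognized: no restriction from this header.
      return true;
  }
}
```

Testing a deployment comes down to requesting the resource, reading the Cross-Origin-Resource-Policy value from the response, and confirming that it yields the expected result for each origin that is supposed to embed the resource.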