[READ-ONLY] Mirror of https://github.com/bombshell-dev/docs. bomb.sh/docs
0

Configure Feed

Select the types of activity you want to include in your feed.

fix(corp): add corp header

Nate Moore (Apr 4, 2026, 10:11 PM EDT) eb1acd3e 909d14b5

+8 -5
+3 -2
astro.config.mjs
··· 14 14 outDir: "./dist/docs/", 15 15 server: { 16 16 headers: { 17 - 'Cross-Origin-Embedder-Policy': 'credentialless', 18 - 'Cross-Origin-Opener-Policy': 'same-origin' 17 + 'Cross-Origin-Embedder-Policy': 'require-corp', 18 + 'Cross-Origin-Opener-Policy': 'same-origin', 19 + 'Cross-Origin-Resource-Policy': 'cross-origin' 19 20 } 20 21 }, 21 22 integrations: [
+2 -1
public/_headers
··· 1 1 /* 2 - Cross-Origin-Embedder-Policy: credentialless 2 + Cross-Origin-Embedder-Policy: require-corp 3 3 Cross-Origin-Opener-Policy: same-origin 4 + Cross-Origin-Resource-Policy: cross-origin
+2 -1
router/src/index.ts
··· 7 7 if (url.pathname.startsWith("/docs")) { 8 8 const response = await fetch(new URL(url.pathname, "https://docs.bomb.sh/")); 9 9 const headers = new Headers(response.headers); 10 - headers.set("Cross-Origin-Embedder-Policy", "credentialless"); 10 + headers.set("Cross-Origin-Embedder-Policy", "require-corp"); 11 11 headers.set("Cross-Origin-Opener-Policy", "same-origin"); 12 + headers.set("Cross-Origin-Resource-Policy", "cross-origin"); 12 13 return new Response(response.body, { 13 14 status: response.status, 14 15 statusText: response.statusText,
+1 -1
src/components/WebContainer/WebContainer.astro
··· 20 20 let bootError: string | null = null; 21 21 22 22 try { 23 - host = await WebContainer.boot({ coep: 'credentialless', workdirName: 'demo' }); 23 + host = await WebContainer.boot({ coep: 'require-corp', workdirName: 'demo' }); 24 24 const base = (import.meta.env.BASE_URL || '/').replace(/\/?$/, ''); 25 25 const snapshotUrl = `${base}/snapshot`; 26 26 const snapshotResponse = await fetch(snapshotUrl);