plume/cross_origin_embedder_policy

Cross-Origin Embedder Policy (COEP)

This response header controls whether a document can load cross-origin resources that don’t explicitly grant permission via CORS or Cross-Origin-Resource-Policy. Required alongside Cross-Origin-Opener-Policy to enable cross-origin isolation. Not configured by default.

See the MDN docs.

Types

CrossOriginEmbedderPolicy

</>

A Cross-Origin-Embedder-Policy header value.

pub type CrossOriginEmbedderPolicy {
  UnsafeNone
  RequireCorp
  Credentialless
}

Constructors

```
UnsafeNone
```
Allows the document to fetch cross-origin resources without explicit permission. Browser default.
```
RequireCorp
```
Restricts the document to same-origin resources and cross-origin resources that explicitly grant permission.
```
Credentialless
```
Like RequireCorp, but no-cors cross-origin requests are sent without credentials.

Values

to_string

</>

pub fn to_string(value: CrossOriginEmbedderPolicy) -> String

Encode as the Cross-Origin-Embedder-Policy header value.