CrossOriginEmbedderPolicy

Builder for the Cross-Origin-Embedder-Policy (COEP) HTTP response header.

Usage

Source

CrossOriginEmbedderPolicy()

COEP controls how the document embeds and loads cross-origin resources, with directives that range from no isolation (unsafe-none) to strict isolation (require-corp) or credentialless loading.

Default header value: require-corp

Notes

* Per MDN, omitting the header is equivalent to unsafe-none. * Each helper closes over canonical MDN directives while value(...) acts as an escape hatch for custom strings.

Resources: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy - https://owasp.org/www-project-secure-headers/#cross-origin-embedder-policy

Parameter Attributes

header_name: str

_directive: str = HeaderDefaultValue.CROSS_ORIGIN_EMBEDDER_POLICY.value