From 888f63af95a2f8a325d84fc0a558d8ba11cbba5e Mon Sep 17 00:00:00 2001
From: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
Date: Wed, 10 Jan 2024 08:56:52 +0100
Subject: [PATCH] Add CORP header to /download and /thumbnail

---
 mediaapi/routing/routing.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mediaapi/routing/routing.go b/mediaapi/routing/routing.go
index e0af4a911d..5963eeaae5 100644
--- a/mediaapi/routing/routing.go
+++ b/mediaapi/routing/routing.go
@@ -123,6 +123,7 @@ func makeDownloadAPI(
 
 		// Set internal headers returned regardless of the outcome of the request
 		util.SetCORSHeaders(w)
+		w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
 		// Content-Type will be overridden in case of returning file data, else we respond with JSON-formatted errors
 		w.Header().Set("Content-Type", "application/json")