-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Struggling with using PostHog and Security Headers #976
Comments
crossorigin
to the PostHog script added by the library
Hey @MathiasWP I've not used COEP before and just reading up here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#avoiding_coep_blockage_with_cors
eu.posthog.com should be sending the correct CORS headers, so I think this is "only" a request to add the Does that sound right based on what you see with your site? Is it only the |
To be honest, i am not sure if only adding Let me know if there's any way i can help! |
What's the status on this issue? |
We're setting our Security Headers with Helmet.js' default values. PostHog is crashing because setting
Cross-Origin-Embedder-Policy
torequire-corp
requires thecrossorigin
attribute to be set toanonymous
. How can this attribute be set on the PostHog scripts that are added during runtime?Current workaround: Setting
Cross-Origin-Embedder-Policy
tocredentialless
, which is not ideal.Screenshot of the error in Chrome:
The text was updated successfully, but these errors were encountered: