Add ‘Cross-Origin-Resource-Policy: cross-origin’ to response headers

[Gnorme]

✅ Prerequisites

• [ ✅ ] Did you perform a cursory search of open issues? Is this feature already requested elsewhere?
• [ ✅ ] Are you reporting to the correct repository (magic-sdk)?

✨ Feature Request

Add ‘Cross-Origin-Resource-Policy: cross-origin’ to the response headers of requests. This would enable Magic SDK to be used on cross-origin isolated pages.

🧩 Context

The ‘Cross-Origin-Resource-Policy' response header is not set to anything for requests made using magic-sdk. I currently can’t use magic.user.getInfo() or similar requests on my page because it needs to be cross-origin isolated to use FFmpeg.wasm.

[am-hernandez]

Hi @Gnorme ,

Thank you for reporting this feature request. We will follow up with you here when we have an update to share!

Thank you!

[ayv8er]

@Gnorme, please navigate to the settings of your Magic app under the Content Security Policy section, and add the URL in question. This may resolve your issue.

[Gnorme]

@Gnorme, please navigate to the settings of your Magic app under the Content Security Policy section, and add the URL in question. This may resolve your issue.

This did not solve my issue. I'm still getting:

My solution has been to issue a DID Token and store it in local storage before navigating to the cross-origin isolated page. Then I use the DID Token server-side to verify the user.