fix(serviceworker): Enhance header security for cached resources in service worker

changelog.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2025-02-06 - 3.0.67 - fix(serviceworker)
+Enhance header security for cached resources in service worker
+
+- Added Cross-Origin-Resource-Policy header management for service worker cached resources.
+
 ## 2025-02-06 - 3.0.66 - fix(serviceworker)
 Improve error handling and logging in cache manager and update manager.
 

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@api.global/typedserver',
-  version: '3.0.66',
+  version: '3.0.67',
   description: 'A TypeScript-based project for easy serving of static files with support for live reloading, compression, and typed requests.'
 }

ts_web_serviceworker/classes.cachemanager.ts

@@ -174,6 +174,16 @@ export class CacheManager {
               if (!headers.has('Access-Control-Allow-Headers')) {
                 headers.set('Access-Control-Allow-Headers', 'Content-Type');
               }
+              
+              // Set Cross-Origin-Resource-Policy
+              if (matchRequest.url.startsWith(this.losslessServiceWorkerRef.serviceWindowRef.location.origin)) {
+                // For same-origin resources
+                headers.set('Cross-Origin-Resource-Policy', 'same-origin');
+              } else {
+                // For cross-origin resources that we explicitly allow
+                headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
+              }
+
               // Prevent browser caching while allowing ServiceWorker caching.
               headers.set('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
               headers.set('Pragma', 'no-cache');