From e86e895913723198096b454062ebf9531f48dbf4 Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Tue, 16 Sep 2025 15:19:10 +0000
Subject: [PATCH] Add cross-origin isolation headers to GET responses.

---
 src/pages.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pages.go b/src/pages.go
index 7a49517..1a90c5d 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -83,6 +83,10 @@ func getPage(w http.ResponseWriter, r *http.Request) error {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Max-Age", "86400")
 
+		// allow the use of multi-threading in WebAssembly
+		w.Header().Set("Cross-Origin-Embedder-Policy", "credentialless")
+		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
+
 		// always check whether content has changed with the origin server; it is cheap to handle
 		// ETag or If-Modified-Since queries and it avoids stale content being served
 		w.Header().Set("Cache-Control", "public, max-age=0, must-revalidate")