From a60346bfefe46bf5d86e4133d92d41897ac0bbce Mon Sep 17 00:00:00 2001
From: Andrew Jakubowicz <ajakubowicz@google.com>
Date: Thu, 6 Oct 2022 13:06:06 -0700
Subject: [PATCH 1/2] add require-corp embedder policy header to service worker

---
 src/service-worker/playground-service-worker.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/service-worker/playground-service-worker.ts b/src/service-worker/playground-service-worker.ts
index ba388841..a638a2b1 100755
--- a/src/service-worker/playground-service-worker.ts
+++ b/src/service-worker/playground-service-worker.ts
@@ -112,6 +112,7 @@ const getFile = async (_e: FetchEvent, path: string, sessionId: SessionID) => {
   // https://web.dev/origin-agent-cluster/
   // https://html.spec.whatwg.org/multipage/origin.html#origin-keyed-agent-clusters
   headers.set('Origin-Agent-Cluster', '?1');
+  headers.set('Cross-Origin-Embedder-Policy', 'require-corp');
   if (contentType) {
     headers.set('Content-Type', contentType);
   }

From 1268c8acdef200dfa9fdcfdd9cca2550957394b2 Mon Sep 17 00:00:00 2001
From: Andrew Jakubowicz <ajakubowicz@google.com>
Date: Mon, 10 Oct 2022 09:44:57 -0700
Subject: [PATCH 2/2] add changelog entry

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c09df55..9f2068a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - TypeScript version upgraded from `4.4.4` to `4.7.4`.
 - `PlaygroundConnectedElement` `project` is now permitted to be `undefined` according to TypeScript.
 
+### Added
+
+- The service worker now sets the [`Cross-Origin-Embedder-Policy: require-corp`](https://html.spec.whatwg.org/multipage/origin.html#coep-require-corp)
+  heading on all responses.
+
 ## [0.16.3] - 2022-08-02
 
 ### Added