readthedocs · agjohnson · Feb 14, 2026 · Feb 14, 2026 · Feb 14, 2026 · humitos
@@ -114,6 +114,7 @@ server {
         add_header X-Content-Type-Options $x_content_type_options always;
 
         # https://docs.djangoproject.com/en/4.2/ref/middleware/#cross-origin-opener-policy
+        proxy_hide_header Cross-Origin-Opener-Policy;
         set $cross_origin_opener_policy $upstream_http_cross_origin_opener_policy;
 proxy_hide_header Content-Security-Policy; 
 set $content_security_policy $upstream_http_content_security_policy; 
 add_header Content-Security-Policy $content_security_policy always; 
 proxy_hide_header Content-Security-Policy; 
 set $content_security_policy $upstream_http_content_security_policy; 
 add_header Content-Security-Policy $content_security_policy always; 
         add_header Cross-Origin-Opener-Policy $cross_origin_opener_policy always;
 

@@ -0,0 +1,31 @@
+# Generated by Django 5.2.8 on 2026-02-14 02:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("projects", "0158_add_search_subproject_filter_option"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="httpheader",
+            name="name",
+            field=models.CharField(
+                choices=[
+                    ("access_control_allow_origin", "Access-Control-Allow-Origin"),
+                    ("access_control_allow_headers", "Access-Control-Allow-Headers"),
+                    ("access_control_expose_headers", "Access-Control-Expose-Headers"),
+                    ("content_security_policy", "Content-Security-Policy"),
+                    ("cross_origin_opener_policy", "Cross-Origin-Opener-Policy"),
+                    ("feature_policy", "Feature-Policy"),
+                    ("permissions_policy", "Permissions-Policy"),
+                    ("referrer_policy", "Referrer-Policy"),
+                    ("x_frame_options", "X-Frame-Options"),
+                    ("x_content_type_options", "X-Content-Type-Options"),
+                ],
+                max_length=128,
+            ),
+        ),
+    ]
@@ -2028,6 +2028,7 @@ class HTTPHeader(TimeStampedModel, models.Model):
         ("access_control_allow_headers", "Access-Control-Allow-Headers"),
         ("access_control_expose_headers", "Access-Control-Expose-Headers"),
         ("content_security_policy", "Content-Security-Policy"),
+        ("cross_origin_opener_policy", "Cross-Origin-Opener-Policy"),
         ("feature_policy", "Feature-Policy"),
         ("permissions_policy", "Permissions-Policy"),
         ("referrer_policy", "Referrer-Policy"),