From ce74ea7324b43dc99bf65f276dad4ab762e9b00e Mon Sep 17 00:00:00 2001
From: Lucas Gelfond <lucas_gelfond@brown.edu>
Date: Mon, 23 Dec 2024 18:00:50 -0800
Subject: [PATCH] modify way of setting headers  on test

---
 .github/workflows/CI.yml   | 8 ++++----
 apps/vanilla-app/server.js | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index b9ed628..ace748b 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -98,17 +98,17 @@ jobs:
           CHROME_HEADLESS: 1
           CHROME_PATH: chrome
           CHROME_FLAGS: "--headless --disable-gpu --no-sandbox --enable-features=SharedArrayBuffer,CrossOriginIsolation"
-          HEADERS: '{"Cross-Origin-Opener-Policy": "same-origin", "Cross-Origin-Embedder-Policy": "require-corp"}'
+          HEADERS: '{"Cross-Origin-Opener-Policy":"same-origin","Cross-Origin-Embedder-Policy":"require-corp","Cross-Origin-Resource-Policy":"cross-origin","Origin-Agent-Cluster":"?1"}'
         run: |
-          # Start test server with proper headers for all tests
-          npm run serve -- --headers "$HEADERS" &
+          # Start test server with proper headers
+          npm run serve -- --headers "${HEADERS}" &
 
           # Increase wait time to ensure server is ready
           sleep 15
 
           # Verify headers and isolation status
           echo "Checking security headers and isolation status..."
-          curl -v http://localhost:3000/tests/ffmpeg-core-st.test.html 2>&1 | grep -i "cross-origin"
+          curl -I http://localhost:3000/tests/ffmpeg-core-st.test.html
 
           # Run verification script first
           echo "Verifying browser environment..."
diff --git a/apps/vanilla-app/server.js b/apps/vanilla-app/server.js
index 670e4de..adc32c5 100644
--- a/apps/vanilla-app/server.js
+++ b/apps/vanilla-app/server.js
@@ -6,9 +6,9 @@ const PORT = 8080;
 const ROOT = path.join(__dirname, "public");
 
 app.use((_, res, next) => {
-  res.append("Cross-Origin-Opener-Policy", "same-origin");
-  res.append("Cross-Origin-Embedder-Policy", "require-corp");
-  res.append("Cross-Origin-Resource-Policy", "cross-origin");
+  res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
+  res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
+  res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
   next();
 });