I have my COEP set to 'require-corp' because I need cross origin isolation enabled. I'm trying to embed an svg in an tag like this:
<object type="image/svg+xml" data="resource.svg"></object>
However the resource isn't loading and I'm receiving this error:
Refused to display 'http://localhost:PORT/resource.svg' in a frame because of Cross-Origin-Embedder-Policy.
The resource is a local resource, same origin. It doesn't only happen locally, I also tried on my server (in case it was because of http). I've tried using both iframe and object tags but can't get it to load.
These are the request headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://localhost:4173/rec_test
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
These are the response headers:
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=0,must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/svg+xml
Date: Tue, 27 Jun 2023 15:03:55 GMT
ETag: W/"90946-1687877113441"
Keep-Alive: timeout=5
Last-Modified: Tue, 27 Jun 2023 14:45:13 GMT
Transfer-Encoding: Identity