Cross-Origin-Resource-Policy: preventing hotlinking and XSSI attacks

In this post I describe how to use the Cross-Origin-Resource-Policy to block cross-origin requests that would normally be allowed, such as in tags…