Response headers allow list API
The response headers allow list API makes it possible to add domains to the Content-Security-Policy and Permissions-Policy headers and alter the value of the Cross-Origin headers while developing modules.
The API works only with Sitefinity CMS modules and static blob storage providers that implement the IHttpSecurityHeadersProvider interface.
The interface has the GetHeaders method where a list with headers can be added.
For the Content-Security-Policy and Permissions-Policy you can only add new domains via the API, while for the Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy you can only override the values of these headers if the values you introduce with the API are less strict than the values configured in the project.
This is a sample implementation of the API without the context of the module it is incorporated in.