Blob storage COEP and cross origin isolation support

Question

Does Blob storage support or are there any plans to add support in the future for cross origin isolation (Cross-Origin-Embedder-Policy: require-corp)?

Situation: There is a page with COEP header specified, it wants to load a PDF document in an iframe from a blob storage but it fails.

According to https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit
"Same-origin iframes must allow themselves to be loaded by setting their own COEP header."

The fail must be because there is no COEP header in response from a blob storage.
So the question is: is there a way to configure it somehow? if not, what's the suggested worksaround?

Thanks!

Answer 1

After some investigation, it turns out that a Blob Storage service does not support COEP or CORP. And as of today there is not way you can configure Blob Storage to include Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy header in the response.
Two things can be done here to workaround that:

1. Use Azure CDN and it's rule engine to modify the origin response headers ( https://learn.microsoft.com/en-us/azure/cdn/cdn-standard-rules-engine-reference ) . This incurs additional charges for CDN usage.
2. Introduce a reverse proxy in front of the blob storage to add\rewire custom response headers.