From 6f28dfc5e3295e099e04d441f6ac6fa8843c8495 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 16 Apr 2026 17:40:56 +0200
Subject: [PATCH 1/2] also set Origin-Agent-Cluster header

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/headers.Caddyfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/headers.Caddyfile b/Containers/mastercontainer/headers.Caddyfile
index 0f55bf7b..bdbfc459 100644
--- a/Containers/mastercontainer/headers.Caddyfile
+++ b/Containers/mastercontainer/headers.Caddyfile
@@ -17,6 +17,7 @@ header {
     X-DNS-Prefetch-Control "off" # Tells the browser to not pre-fetch the DNS of linked pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control
     Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
     X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
+    Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
     Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
     Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
     Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy

From 21a140890a481fe4188193da91da686e0a752ad8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Apr 2026 17:52:18 +0200
Subject: [PATCH 2/2] Add Caddyfile path to Playwright workflow triggers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright-on-push.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
index 15f0821d..d81c4b18 100644
--- a/.github/workflows/playwright-on-push.yml
+++ b/.github/workflows/playwright-on-push.yml
@@ -4,11 +4,13 @@ on:
   pull_request:
     paths:
       - 'php/**'
+      - 'Containers/mastercontainer/*.Caddyfile'
   push:
     branches:
       - main
     paths:
       - 'php/**'
+      - 'Containers/mastercontainer/*.Caddyfile'
 
 concurrency:
   group: playwright-${{ github.head_ref || github.run_id }}