Allow to configure the Cross-Origin-Resource-Policy #1913
Description
Otherwise, site using a Cross Origin Embedder Policy cannot load an image from https://kroki.io.
I think it's safe to use cross-origin by default: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy#cross-origin