chore(nimbus): Revert "chore(nimbus): Set Cross-Origin-Opener-Policy response header (#12637)" (#12665)

Becuase

* We set the cross origin header in the Django response headers to
prevent auth token leaks
* This does not actually solve the problem because the header must be
set in Nginx, not Django

This commit

* Reverts adding the cross origin response header in Django

fixes #12664

This reverts commit 64ed59c.

Co-authored-by: Yashika Khurana <yashikakhuranayashika@gmail.com>

Author: jaredlockhart

experimenter/experimenter/openidc/middleware.py

@@ -51,9 +51,7 @@ def __call__(self, request):
         request.user = user
 
         if self.get_response:
-            response = self.get_response(request)
-            response.headers["Cross-Origin-Opener-Policy"] = "same-origin"
-            return response
+            return self.get_response(request)
 
 
 class OpenIDCRestFrameworkAuthenticator(SessionAuthentication):

experimenter/experimenter/openidc/tests/test_middleware.py

@@ -10,8 +10,7 @@
 
 class OpenIDCAuthMiddlewareTests(TestCase):
     def setUp(self):
-        self.response = mock.Mock()
-        self.response.headers = {}
+        self.response = "Response"
         self.middleware = OpenIDCAuthMiddleware(lambda request: self.response)
 
         mock_resolve_patcher = mock.patch("experimenter.openidc.middleware.resolve")
@@ -62,7 +61,6 @@ def test_user_created_with_correct_email_from_header(self):
             response = self.middleware(request)
 
         self.assertEqual(response, self.response)
-        self.assertEqual(response.headers["Cross-Origin-Opener-Policy"], "same-origin")
         self.assertEqual(User.objects.all().count(), 1)
 
         self.assertEqual(request.user.email, user_email)