htmlbrowsercross-domaincross-origin-opener-policyffmpeg-wasm

How to allow certain origin in a crossOriginIsolated page (COEP header)?


In order to use SharedArrayBuffer that I need for FFmpeg-wasm, I need to enable cross-origin isolation. However I cannot load any resources from my CDN. In this documentation:

Once you do this, your page will not be able to load cross-origin content unless the resource explicitly allows it via a Cross-Origin-Resource-Policy header or CORS headers (Access-Control-Allow-* and so forth).

I tried looking at their documentation on CORP header but I cannot find any useful information on how to enable certain origins. My CDN already has access-control-allow-origin: * header but seems like it's not the correct header.

What do I need to do to allow https://cdn.example.com/resource.js in my website?


Solution

  • I found out the Cross-Origin-Resource-Policy is NOT for my web page, but for the CDN resource (i.e. the server serving the JS file). Adding the header to my CDN server solves the problem. For example, https://cdn.example.com/resource.js must respond with this header:

    Cross-Origin-Resource-Policy: cross-origin