在启用同源 CORS 以允许 SharedArrayBuffer 后,web 工作文件的 304 ERR_BLOCKED_BY_RESPONSE
[英]304 ERR_BLOCKED_BY_RESPONSE for web worker file after enabling same-origin CORS to allow SharedArrayBuffer
问题描述
I'm looking to do some multithreading for my web application to improve performance and I've stumbled upon a head-scratcher.
我正在为我的 web 应用程序做一些多线程处理以提高性能,但我偶然发现了一个令人头疼的问题。 I'm currently developing on localhost (vite server) on Chrome.我目前正在 Chrome 上的 localhost(vite 服务器)上开发。
Basically I have spawned a web worker.基本上我已经产生了一个 web 工人。 Then I created a SharedArrayBuffer.然后我创建了一个 SharedArrayBuffer。
At first, the SharedArrayBuffer was getting an error that it wasn't defined.起初,SharedArrayBuffer 收到一个未定义的错误。 I found out it is disabled unless you specify that you only want to allow same-origin on cors.我发现它被禁用,除非你指定你只想在 cors 上允许同源。 So I added these headers to my vite server:所以我将这些标头添加到我的 vite 服务器:
'Cross-Origin-Embedder-Policy': 'require-corp',
'Cross-Origin-Opener-Policy': 'same-origin',
It solved the problem with SharedArrayBuffer.它解决了 SharedArrayBuffer 的问题。 But then, I started getting 304 errors for my worker但是后来,我开始为我的工人收到 304 错误
GET http://localhost:5001/js/searchWorker.js net::ERR_BLOCKED_BY_RESPONSE 304
If I allow cross origin with a wildcard, the web worker works, but the shared array buffer does not.如果我允许使用通配符进行跨域,则 web 工作人员可以工作,但共享数组缓冲区不能。 And vice versa.反之亦然。 I don't really understand as well because shouldn't it allow searchWorker.js because it's at the same origin (localhost)?我也不太明白,因为它不应该允许 searchWorker.js 因为它位于同一来源(本地主机)吗?
I don't really understand how to fix this issue!我真的不明白如何解决这个问题!
Thanks!谢谢!
1 个解决方案
解决方案1
1 已采纳 2022-09-20 08:54:31
An origin is defined by the combination of scheme (protocol) + hostname (domain) + port of the URL.源由URL 的方案(协议)+主机名(域)+端口的组合定义。
I haven't used vite in a while, but I think that your web page and web worker are served on different ports (8080 and 5001 maybe?), so they are on different origins .我有一段时间没有使用 vite,但我认为您的 web 页面和 web 工作人员在不同的端口(可能是 8080 和 5001?)上提供服务,因此它们位于不同的来源。 That would explain why the web worker works if you add a wildcard.这可以解释为什么如果您添加通配符,web 工作程序可以工作。
On the other hand, using a wildcard to allow cross-origin fetches prevents you from achieving the status of cross-origin isolation, which is a requirement if you want to use SharedArrayBuffer .另一方面,使用通配符允许跨域获取会阻止您实现跨域隔离状态,如果您想使用SharedArrayBuffer ,这是一个要求。
Since the web worker script is a cross-origin resource, fetching it is a cross-origin fetch, which is blocked by cross-origin isolation unless you explicitly opt-in (ie you tell the browser that is ok to fetch that resource).由于 web 工作脚本是跨域资源,因此获取它是跨域获取,除非您明确选择加入(即您告诉浏览器可以获取该资源),否则跨域隔离会阻止它。
From the article Making your website "cross-origin isolated" using COOP and COEP :来自使用 COOP 和 COEP 使您的网站“跨域隔离”一文:
For a document or a worker served with
COEP: require-corp, cross-origin subresources loaded without CORS must set theCross-Origin-Resource-Policy: cross-originheader to opt into being embedded.COEP: require-corp服务的文档或工作人员,未加载 CORS 的跨域子资源必须设置Cross-Origin-Resource-Policy: cross-originheader 以选择嵌入。 For example, this applies to<script>,importScripts,<link>,<video>,<iframe>, etc.<script>、importScripts、<link>、<video>、<iframe>等。
I think the solution is to configure the vite dev server to add a Cross-Origin-Resource-Policy: cross-origin response header to the worker script.我认为解决方案是配置 vite 开发服务器以添加Cross-Origin-Resource-Policy: cross-origin response header 到工作脚本。
See also these links:另请参阅以下链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.