stackoom
  简体   繁体   中英

304 ERR_BLOCKED_BY_RESPONSE for web worker file after enabling same-origin CORS to allow SharedArrayBuffer

 原文  2022-09-08 16:47:59       web-worker/ http-status-code-304/ sharedarraybuffer/ cross-origin-embedder-policy/ cross-origin-resource-policy

Question

I'm looking to do some multithreading for my web application to improve performance and I've stumbled upon a head-scratcher. I'm currently developing on localhost (vite server) on Chrome.

Basically I have spawned a web worker. Then I created a SharedArrayBuffer.

At first, the SharedArrayBuffer was getting an error that it wasn't defined. I found out it is disabled unless you specify that you only want to allow same-origin on cors. So I added these headers to my vite server:

        'Cross-Origin-Embedder-Policy': 'require-corp',
        'Cross-Origin-Opener-Policy': 'same-origin',

It solved the problem with SharedArrayBuffer. But then, I started getting 304 errors for my worker

GET http://localhost:5001/js/searchWorker.js net::ERR_BLOCKED_BY_RESPONSE 304

If I allow cross origin with a wildcard, the web worker works, but the shared array buffer does not. And vice versa. I don't really understand as well because shouldn't it allow searchWorker.js because it's at the same origin (localhost)?

I don't really understand how to fix this issue!

Thanks!

1 answers

solution1
 1 ACCPTED  2022-09-20 08:54:31

An origin is defined by the combination of scheme (protocol) + hostname (domain) + port of the URL.

I haven't used vite in a while, but I think that your web page and web worker are served on different ports (8080 and 5001 maybe?), so they are on different origins . That would explain why the web worker works if you add a wildcard.

On the other hand, using a wildcard to allow cross-origin fetches prevents you from achieving the status of cross-origin isolation, which is a requirement if you want to use SharedArrayBuffer .

Since the web worker script is a cross-origin resource, fetching it is a cross-origin fetch, which is blocked by cross-origin isolation unless you explicitly opt-in (ie you tell the browser that is ok to fetch that resource).

From the article Making your website "cross-origin isolated" using COOP and COEP :

For a document or a worker served with COEP: require-corp , cross-origin subresources loaded without CORS must set the Cross-Origin-Resource-Policy: cross-origin header to opt into being embedded. For example, this applies to <script> , importScripts , <link> , <video> , <iframe> , etc.

I think the solution is to configure the vite dev server to add a Cross-Origin-Resource-Policy: cross-origin response header to the worker script.

See also these links:

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Web Worker blocked by main thread in Chrome Web worker blocked by self.crossOriginIsolated on Cypress Execute web worker from different origin CORS XMLHttpRequest fails in IE10-11 web worker Is web worker unavailable when cross-origin isolation is enabled Cross-Origin Resource Sharing (CORS) using JSONP and Web Workers Origin file:// is not allowed by Access-Control-Allow-Origin with WebWorker How to wrap Web Worker response messages in futures? How to check if a URL is same origin as current page and/or worker How to handle multiple request to same Web Worker
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM