Setting Cross-Origin headers for static sites

I’d like to create a demo using - npm which requires the Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers to be set. Is there anyway to configure these for a static Glitch site?

1 Like

Hi and welcome, @lrowe! Unfortunately, this isn’t possible for a static site, although I believe Glitch has a default CORS policy for some kind of files, and you can implement some kind of system to prevent <iframe>s

Unfortunately due to security concerns a number of advanced browser features are now gated behind the top level document being served with appropriate headers to opt into cross origin isolation. For example see: SharedArrayBuffer - JavaScript | MDN

It would be great if Glitch considered adding support for this so it can stay relevant for more advanced browser use cases.

Try out coi-serviceworker - npm - it uses a service worker to alter the headers of each request (which is somehow allowed by the spec :person_shrugging:)

Thanks. That’s probably the best option. Unfortunately I’ve found service workers in Chrome to be unreliable after a hard reload. 1446885 - chromium - An open-source project to help move the web forward. - Monorail

oh wow that’s bizarre behaviour indeed

Yea, I think that’s intended for service workers, I would be all for this feature as well, a certain wasm rebuild of a game I have runs a bit better when sharedarraybuffer can be utilized for “threads”, but it’s quite annoying with the header requirement.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.