I am trying to use SharedArrayBuffer, which requires the COOP and COEP headers to be set so that window.crossOriginIsolated==true.
I’ve done that, and it works fine. But for reasons I can’t go into, I may not be able to set those headers for our entire site. The site is served by an express JS web server, and I’ve been working in my simpler example of that so I have unlimited control just for testing.
In reading the MDN page for WorkerGlobalScope, it mentions that crossOriginIsolated (cOI) is a property of it. It isn’t explicit whether WorkerGlobalScope’s cOI is tied to the top level window’s cOI, although (especially after testing) I suspect that may be the case.
To test, I’ve tried sending, the COOP & COEP headers only for files under the subdirectory ./dist such that the JavaScript file defining the worker is obtained by the browser with those headers properly set – which I’ve confirmed.
app.use( "/dist/*", ( req, res, next ) => {
console.log( `Requesting file: ${req.baseUrl}` );
res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
next();
} );
From the Chrome Devtools’ Network tab:
Request URL: http://localhost/dist/mainworker.mjs Request Method: GET Status Code: 200 OK Referrer Policy: strict-origin-when-cross-origin . . . content-type: application/javascript; charset=UTF-8 cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin
However, WorkerGlobalScope.crossOriginIsolated is false.
Is my suspicion correct – that WorkerGlobalScope.crossOriginIsolated is inextricably tied to the top level window? Or has anyone been able to create a Web Worker with cOI true while the main tab’s window’s cOI is false?
Thanks