Open julianjelfs opened 1 year ago
Hi, came across this issue while researching this item. I was able to figure out that, in addition to the site being served over HTTPS, the site's Content Security Policy has to be set up with a worker-src
directive that includes blob:
, e.g. worker-src 'self' blob:;
. This appears to be due to more restrictive default browser settings for Safari on iOS. Hope this helps you or anyone else experiencing this issue.
Edit: Subsequently I discovered that this is discouraged by the W3C in the CSP2 spec:
allowing "blob:" or "filesystem:" URLs is equivalent to unsafe-eval.
There isn't a similar statement in the draft CSP3, but another approach may be preferable if you can find it.
probably related to / duplicate of #221
When I try to scan with safari (either on iOS 16.4 or macOS 13.3) I get a decoding error:
securityerror: The operation is insecure
.This error seems to be coming from the worker but I'm not able to figure out what's going on in any more detail.
I have a hunch it is something to do with how the my project is being built since this problem does not occur on the demo page.
I am using rollup and can see that it has automatically created a
qr-scanner-worker.min-123456.js
(where 123456 is some build number) and copied it to my build directory successfully.Any help would be appreciated.