Please add an argument such as -w --wasm that activate the following headers:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Why
This would allow users to use serve to test WebAssembly components from their browser, provided they use a valid SSL certificate or pipe the server though a secure tunnel service such as ngrok. Refer to the MDN docs articles on SharedArrayBuffer, as well as COOP and COEP.
It is possible to do it from a config file, as seen in #606 and in the docs but it'd generally be easier to have a single argument than having to write a config, especially when you run serve from a dist/build folder which is excluded in a .gitignore.
Alternatives
As an alternative, we can have the -C --cors argument pass the Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Embedder-Policy: require-corp headers as well, but as it may pose security problem because of unwanted behavior, it's probably not a good idea.
KaivnD
commented
11 months ago
Description
Please add an argument such as
-w --wasmthat activate the following headers:Cross-Origin-Opener-Policy: same-originCross-Origin-Embedder-Policy: require-corpWhy
This would allow users to use serve to test WebAssembly components from their browser, provided they use a valid SSL certificate or pipe the server though a secure tunnel service such as ngrok. Refer to the MDN docs articles on SharedArrayBuffer, as well as COOP and COEP.
It is possible to do it from a config file, as seen in #606 and in the docs but it'd generally be easier to have a single argument than having to write a config, especially when you run serve from a dist/build folder which is excluded in a
.gitignore.Alternatives
As an alternative, we can have the
-C --corsargument pass theCross-Origin-Opener-Policy: same-originandCross-Origin-Embedder-Policy: require-corpheaders as well, but as it may pose security problem because of unwanted behavior, it's probably not a good idea.