Vimeo player not working in `crossOriginIsolated` page

[cduff]

Expected Behavior

Vimeo player should work in a page that is crossOriginIsolated.

Actual Behavior

Vimeo player fails in a page served with HTTP response header Cross-Origin-Embedder-Policy values of require-corp or credentialless.

Steps to Reproduce

• See reproduction project: https://stackblitz.com/edit/vimeo-cross-origin-isolated-issue?file=serve.json
• npm start and view output in own tab. (Even the default page fails in the StackBlitz embedded preview due to cross origin isolation.)
• /index.html works fine as there is no HTTP response Cross-Origin-Embedder-Policy header value set.
• /require-corp and /credentialless fail due to their respective HTTP response Cross-Origin-Embedder-Policy header values.

Solution

Vimeo should be setting the Cross-Origin-Resource-Policy response header value to cross-origin on HTTP responses as appropriate?

My environment

Latest Chrome (121.0.6167.140) on latest Windows 11 Pro (23H2, 22631.3085).

[rkrishnan8594]

Hey @cduff - thanks for filing this issue. I'm able to reproduce using the StackBlitz test app that you put together. I've got this issue captured in an internal ticket and I'm hoping that we can address it within the next couple of weeks. I'll follow-up on this issue when we have an update.