Open rostero1 opened 10 months ago
If the icon came with a Cross-Origin-Resource-Policy header it'd work. But I guess you want a way to fetch using CORS instead? Seems somewhat reasonable to support I suppose.
@annevk That did solve my issue, but I think the option would still be helpful if loading your assets through a CDN or some other resource that you cannot add the headers to.
In case someone finds this when trying to troubleshoot a similar issue:
My app loads with the following headers to allow for securely using SharedarrayBuffers.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
The index.html loads the cross-origin react app via: crossorigin=""
.
Now all the images won't loaded through the React app won't load unless I explicitly add crossorgin=""
to each image (which is not possible for the Notifications API) or update my cross-origin assets server to add Cross-Origin-Resource-Policy: cross-origin
.
I'm a little confused about security:
I assume this is safe for SharedArrayBuffers, otherwise Chrome would through an error when I try to execute: const sab = new SharedArrayBuffer(1024);
. Do you know if that's correct?
For the images the same header would work as for the icon. And yes, without COOP+COEP, there's no SAB constructor exposed.
What problem are you trying to solve?
It's not possible to load an icon from a different origin with the following headers:
What solutions exist today?
None
How would you solve it?
Support
crossOrigin
as an Notifications API optionAnything else?
No response