Stack Overflow
Stack Overflow

Questions tagged [cross-origin-embedder-policy]

Use this tag for questions related to the Cross-Origin-Embedder-Policy HTTP header

55 questions
21
votes
4 answers

React Error: "SharedArrayBuffer is not defined" in Firefox

I have a React app, created with 'create-react-app' (I also use jsdom NPM package), and for some reason, the application throws an error on load Only in Firefox (works fine in Chrome & Edge). Here is the error: ReferenceError: SharedArrayBuffer is…
Or Assayag
  • 5,662
  • 13
  • 57
  • 93
17
votes
4 answers

Is there any way to use SharedArrayBuffer on GitHub Pages?

To use SharedArrayBuffer, we have to add two response headers: Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Is there any way to add those headers with GitHub Pages so SharedArrayBuffer will work?
Đức Huỳnh
  • 394
  • 3
  • 17
10
votes
0 answers

Iframe - performing SSO and accessing page behind authentication wall with iframe

I have 2 domains, one that hosts my app - myapp, and the other that hosts gooddata dashboards - analytics.myapp. I would like to embed a gooddata dashboard to a page in my app. I have set the frame-src to allow requests from the domain where the…
Leff
  • 1,968
  • 24
  • 97
  • 201
9
votes
3 answers

net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200

Please help solve this problem. I am working with a MERN app. In the app, I upload images to the cloudnary using the API. Then I upload the image on the frontend using secure_url. It works on localhost but does not work on heroku i.e. the image is…
nOybek
  • 305
  • 1
  • 4
  • 7
8
votes
6 answers

Helmet Express ERR_BLOCKED_BY_RESPONSE.NotSameOrigin 200

please I need help, I checked on all google and not get really answer for to open my issue. I want to use helmet to secure my express server. But when I am using it I get this error : ERR_BLOCKED_BY_RESPONSE.NotSameOrigin 200 for loaded my images…
jeremyl
  • 115
  • 1
  • 1
  • 8
8
votes
1 answer

How to make my site compatible with the upcoming Cross-Origin-Isolation changes for SharedArrayBuffer

So I read that there are upcoming changes in Chrome to enable the usage of SharedArrayBuffer specifically "Making your website "cross-origin isolated"". My site makes use of external APIs that don't meet the requirements for this. So what I did was,…
Jacob
  • 524
  • 5
  • 18
7
votes
2 answers

Getting "NotSameOriginAfterDefaultedToSameOriginByCoep" error with Helmet

I'm seeing the following error in my browser console when using Helmet.js: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep What should I do?
Evan Hahn
  • 12,147
  • 9
  • 41
  • 59
7
votes
1 answer

How to prevent ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep?

I am attempting to access my movie API that returns data including an image of a movie poster through a React application. This image is being requested from an external website. Each time I make a request to my \movies endpoint, the image is…
Myles Jefferson
  • 115
  • 1
  • 1
  • 5
7
votes
0 answers

Firebase Auth in Cross-Origin-Isolated mode?

I am working on a web app, which runs compute-intensive code using Emscripten's multithreaded WASM and therefore needs SharedArrayBuffers. Those only work if my app is in Cross-Origin-Isolated mode. And to enable that, I have to set the following…
AUser
  • 171
  • 1
  • 7
6
votes
1 answer

Can COOP/COEP headers be set with meta tags (http-equiv)?

Can the Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers be set with tags, or can they only be set with actual headers? If not, is there a list of headers which can be set with meta tags? The following example logs…
joe
  • 3,752
  • 1
  • 32
  • 41
5
votes
0 answers

Firebase auth breaks with cross origin isolation (i.e. when using Cross-Origin-Resource-Policy)

I am trying to make a website cross origin isolated, and enabled the following headers on my site: https://web.dev/cross-origin-isolation-guide/ Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Firebase auth uses a…
Kartik Ayyar
  • 832
  • 1
  • 7
  • 23
5
votes
0 answers

New requirements for SharedArrayBuffers on https://example.com/

Today I received an email from Google: New requirements for SharedArrayBuffers on https://example.com/ Google systems have recently detected that SharedArrayBuffers (SABs) are used on https://example.com/, but COOP and/or COEP headers are not…
4532066
  • 2,042
  • 5
  • 21
  • 48
4
votes
2 answers

Is it possible to embed a cross-origin-isolated iframe inside a normal page?

(For some people, this question may equal to "if I can't use sharedArrayBuffer in my main site, can I open an iframe and use sharedArrayBuffer inside the iframe?") So I want to use some wasm with sharedArrayBuffer in my site, but it's impractical to…
ZYinMD
  • 3,602
  • 1
  • 23
  • 32
4
votes
1 answer

Recaptcha V2 not working after adding COEP headers (Cross Origin Isolation)

I am using SharedArrayBuffer for some of functionalities in one of the webapp. On Chrome version 92 I have enabled cross origin isolation as per instructions here and added following headers to root page and wasm files. Cross-Origin-Resource-Policy:…
humbledor
  • 61
  • 3
3
votes
1 answer

How to handle CORS for web workers?

In one of my js files (game.js), web workers are used which causes problems for CORS. From game.js: var engine = new Worker(options.machinejs|| 'static/js/mainjs/machine.js'); First problem I got was about SharedArrayBuffer is not defined and I…
K.Yazoglu
  • 207
  • 3
  • 13
1
2 3 4