vite - How to set headers for assets within _appimmutableworkers?

I've successfully built a SvelteKit app, but when I try to run npm rum preview, I see that the following asset was unable to be loaded:

http://localhost:4173/_app/immutable/workers/shout.wasm.worker-fuz9AyH7.js.

The browser console says:

Because your site has the Cross-Origin Embedder Policy (COEP) enabled, each embedded iframe must also specify this policy. This behavior protects private data from being exposed to untrusted third party sites.

To solve this, add one of following to the embedded frame’s HTML response header:

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Embedder-Policy: credentialless (Chrome > 96)

How do I configure the static assets served from "_app/immutable/workers" to have the Cross-Origin-Embedder-Policy: require-corp headers?

Current setup of vite.config.ts

const viteServerConfig = () => ({
    name: "add-headers",
    configureServer: (server) => {
        server.middlewares.use((req, res, next) => {
            res.setHeader("Access-Control-Allow-Origin", "*");
            res.setHeader("Access-Control-Allow-Methods", "GET");
            res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
            res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
            next();
        });
    },
});

export default defineConfig({
    plugins: [
        sveltekit(),
        Icons({
            compiler: "svelte",
        }),
        viteServerConfig(),
    ],
    server: {
        open: "/",
        headers: {
            "Cross-Origin-Embedder-Policy": "require-corp",
            "Cross-Origin-Opener-Policy": "same-origin",
        },
        host: '0.0.0.0',
    },
    worker: {
        format: "es",
    },
    build: {
        outDir: "dist",
        target: "ES2022"
    } 
  },

Programmer puzzle solving

vite - How to set headers for assets within _appimmutableworkers? - Stack Overflow

Articles related to this article

comment list (0)