 

Do I have to switch to https to use "SharedArrayBuffer" in Chrome 92?

My website does not work with Chrome 92. With Chrome 91 everything was fine. The problem is that SharedArrayBuffer is not enabled since Chrome 92. When I try to enable it by adding the headers "Cross-Origin-Embedder-Policy: require-corp" and "Cross-Origin-Opener-Policy: same-origin" I get the error message:

The Cross-Origin-Opener-Policy header has been ignored, because the origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.

Does "Please deliver the response using the HTTPS protocol" mean I have to switch to HTTPS only to use SharedArrayBuffer? If so, what’s the reason?

Koronis Neilos asked Sep 12 '25 17:09


1 Answer

Yes, you need to use HTTPS.

Certain features (which include SharedArrayBuffer, due to the revelations of Spectre-style attacks) are security-sensitive and require a greater degree of isolation. COOP/COEP allows the browser to isolate your page from other sites to a greater degree, which allows this feature to be safer to use.

Some features, including COOP, have significant effects on how the browser treats content from your origin. The browser can't be sure that this assertion hasn't been tampered with unless it is delivered from a potentially trustworthy origin (if that's not localhost, this means over HTTPS).

Jeremy Roman answered Sep 14 '25 08:09
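
The check described in the answer can be reproduced offline to audit a deployment before relying on SharedArrayBuffer. The following is an added example, not code from the question, the answer or Chrome: the function names, hosts and sample headers are constructed, the trustworthy-origin test is a simplified approximation of the spec, and `credentialless` is accepted as a COEP value in addition to the `require-corp` used on this page.

```javascript
// Simplified "potentially trustworthy origin" test: HTTPS/WSS, localhost names, loopback IPs.
function isPotentiallyTrustworthy(url) {
  const { protocol, hostname } = new URL(url);
  if (protocol === "https:" || protocol === "wss:") return true;
  if (hostname === "localhost" || hostname.endsWith(".localhost")) return true;
  return /^127(\.\d{1,3}){3}$/.test(hostname) || hostname === "[::1]";
}

// Policy token of a header value, ignoring parameters such as report-to.
function policyToken(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key ? String(headers[key]).split(";")[0].trim() : null;
}

// Reports why a document at `url` with these response headers would not be cross-origin isolated.
function checkCrossOriginIsolation(url, headers) {
  const problems = [];
  if (!isPotentiallyTrustworthy(url)) {
    problems.push("origin is not potentially trustworthy, so COOP is ignored (use HTTPS or localhost)");
  }
  const coop = policyToken(headers, "cross-origin-opener-policy");
  if (coop !== "same-origin") {
    problems.push(`Cross-Origin-Opener-Policy must be same-origin, got ${coop}`);
  }
  const coep = policyToken(headers, "cross-origin-embedder-policy");
  if (coep !== "require-corp" && coep !== "credentialless") {
    problems.push(`Cross-Origin-Embedder-Policy must be require-corp or credentialless, got ${coep}`);
  }
  return { isolated: problems.length === 0, problems };
}

// Constructed sample inputs (hypothetical hosts and responses).
const goodHeaders = {
  "Cross-Origin-Opener-Policy": "same-origin",
  "Cross-Origin-Embedder-Policy": "require-corp",
};
const misspelled = { ...goodHeaders, "Cross-Origin-Embedder-Policy": "requre-corp" };

for (const [url, headers] of [
  ["http://app.example.test/", goodHeaders],   // plain HTTP: the case in the question
  ["https://app.example.test/", goodHeaders],  // HTTPS: isolated
  ["http://localhost:8080/", goodHeaders],     // localhost exemption
  ["https://app.example.test/", misspelled],   // unrecognised COEP value
]) {
  console.log(url, JSON.stringify(checkCrossOriginIsolation(url, headers)));
}
```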