网络工作者被自我阻挡。

发布于 2025-02-13 13:26:22 字数 1045 浏览 1 评论 0 原文

基本上，我正在尝试使用柏树在我的 svelte 应用程序上运行测试。但是我需要使用一个网络工作者，但是当我尝试柏树（带有chrome）时，它会被此错误所阻止：

domexception：未能在“ worker”上执行“ tostmessage”：sharedArrayBuffer转移需要自我。

通常它可以工作，我已经在 svelte.config.js 文件上设置了以下标题：

/** @type {import('vite').Plugin} */
const viteServerConfig = {
    name: 'log-request-middleware',
    configureServer(server) {
        server.middlewares.use((req, res, next) => {
            res.setHeader("Access-Control-Allow-Origin", "*");
            res.setHeader("Access-Control-Allow-Methods", "GET");
            res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
            res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
            next();
        });
    }
};

在柏树上，为了解决这个问题，我将 chromewebsecurity 设置为 false cypress.config.js ，但没有任何改变。如果我在网络内部查看，工人会正常加载，但是帖子消息会失败，该错误是否有任何线索？

原文

Basically I'm trying to use cypress to run tests on my Svelte app. But I need to use a web worker but it gets blocked by this error when I try on Cypress (with Chrome):

DOMException: Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated.

Normally it works, I've set the following headers on the svelte.config.js file:

/** @type {import('vite').Plugin} */
const viteServerConfig = {
    name: 'log-request-middleware',
    configureServer(server) {
        server.middlewares.use((req, res, next) => {
            res.setHeader("Access-Control-Allow-Origin", "*");
            res.setHeader("Access-Control-Allow-Methods", "GET");
            res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
            res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
            next();
        });
    }
};

while on Cypress, to try to solve this I've set the chromeWebSecurity to false on the cypress.config.js, but nothing changes. The worker gets loaded normally if I look inside network, but the post message fails with that error, any clue?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

罪歌 2025-02-20 13:26:22

我不确定谁（vite，svelte，cypress），但是代码中的某些东西想使用 sharedArrayBuffer 。

sharedArrayBuffer 是幽灵和崩溃攻击。 Chrome功能被称为站点隔离允许它返回，< strong>只要要求使用 sharedArrayBuffer 的网站在状态称为 crossoriginasolated 。

为了实现交叉起源隔离，您需要配置3个http响应标头：

跨原生蛋白 - 资源 - 政策（corp）

正如Eiji Kitamura在此视频，您需要做3件事：

添加 cross> cross-origin-opener-policy 代码>（COP）响应标题 top级文档由您的服务器返回。它的值应为 same-origin 。
将交叉源源物 - 资源 - 元素（corp）响应标头添加到您对来源的自托管的所有资产。它的值应为相同位置。您还应检查 cross-origin 您想要在网站上包含的资源（例如，YouTube ＆lt; iframe＆gt; ）用 cross-origin-resource-policy返回：交叉原始。如果交叉启发服务器（即您无法控制的服务器）不会将Corp Header添加到其返回的资源中，则它也可以返回a 跨孔资源共享（CORS）标题，但您将需要要添加 crossorigin 属性属于那些交叉原始资源（例如＆lt; img src =“ some-image-not-not-on-hour-your-site.png” crossorigin＆gt; ）。
将交叉孔 - Embedder-Policy （COEP）响应标头添加到您的服务器返回的顶级文档。它的值应为 require-corp 。

另外，请记住这一点，请记住 cross-origin-isolation-guide ：

确保没有需要通过Postmessage（）进行通信的交叉原始弹出窗口。当启用交叉隔离时，无法使它们保持工作。您可以将通信移至另一个未隔离的文档，也可以使用其他交流方法（例如，HTTP请求）。

您也可以看一下有关

I'm not sure who (Vite, Svelte, Cypress), but something in your code wants to use a SharedArrayBuffer.

SharedArrayBuffer was removed from all browsers in 2018 because of the Spectre and Meltdown attacks. The Chrome feature known as Site Isolation allowed it to return, as long as the site requesting to use SharedArrayBuffer is in state known as crossOriginIsolated.

In order to achieve cross origin isolation, you need to configure 3 HTTP response headers:

As Eiji Kitamura explains in this video, you need to do 3 things:

add the Cross-Origin-Opener-Policy (COOP) response header to the top-level document returned by your server. Its value should be same-origin.
add the Cross-Origin-Resource-Policy (CORP) response header to all assets you are self-hosting on your origin. Its value should be same-site. You should also check that cross-origin resources that you want to include on your site (e.g. a YouTube <iframe>) are returned with Cross-Origin-Resource-Policy: cross-origin. If a cross-origin server (i.e. a server you don't control) does not add the CORP header to the resources it returns, it could also return a Cross-Origin Resource Sharing (CORS) header, but you would need to add a crossorigin attribute to those cross-origin resources (e.g. <img src="some-image-not-on-your-site.png" crossorigin>).
add the Cross-Origin-Embedder-Policy (COEP) response header to the top-level document returned by your server. Its value should be require-corp.

Also, please keep in mind this point from the cross-origin-isolation-guide:

Make sure there are no cross-origin popup windows that require communication through postMessage(). There's no way to keep them working when cross-origin isolation is enabled. You can move the communication to another document that isn't cross-origin isolated, or use a different communication method (for example, HTTP requests).

You may also take a look at this talk about cross-origin fetches.

回复收藏 0 原文

~没有更多了~