Add COOP+COEP+CORP headers #6597
Conversation
somebody1234
added
the
CI: No changelog needed
|
mini self QA: issues, unrelated to this PR: |
| response.setHeader('Cross-Origin-Embedder-Policy', 'require-corp') | ||
| response.setHeader('Cross-Origin-Opener-Policy', 'same-origin') |
There was a problem hiding this comment.
Please add description + links why we need it
| @@ -0,0 +1,32 @@ | |||
| /** @file A service worker that redirects paths without extensions to `/index.html`. | |||
| * This is only used in the cloud frontend. */ | |||
There was a problem hiding this comment.
What is "cloud frontend"? I did not hear this name earlier.
| @@ -0,0 +1,32 @@ | |||
| /** @file A service worker that redirects paths without extensions to `/index.html`. | |||
| * This is only used in the cloud frontend. */ | |||
| /// <reference lib="WebWorker" /> | |||
| event.respondWith( | ||
| fetch(event.request.url).then(response => { | ||
| const clonedResponse = new Response(response.body, response) | ||
| clonedResponse.headers.set('Cross-Origin-Embedder-Policy', 'require-corp') |
There was a problem hiding this comment.
Please add description + links why we need it
| clonedResponse.headers.set('Cross-Origin-Opener-Policy', 'same-origin') | ||
| clonedResponse.headers.set('Cross-Origin-Resource-Policy', 'same-origin') | ||
| return clonedResponse | ||
| }) | ||
| ) |
There was a problem hiding this comment.
Also:
- this is the same as code in other place - can we refactor it to one place maybe?
- We have server built-into electron, why are we not using the same server with the watch scripts? would it not be cool to use the same code + make it possible to spawn electron in the watch mode? Ofc this is not part of this task, just a more general question.
There was a problem hiding this comment.
./run ide watch does use the same server, i believe, but ./run gui watch doesn't spawn electron at all. it might be possible to spawn electron on ./run gui watch, but in that case i'm not sure whether that would do anything different to ./run ide watch?
| ? fetch('/index.html') | ||
| : fetch(event.request.url) | ||
| event.respondWith( | ||
| responsePromise.then(response => { | ||
| const clonedResponse = new Response(response.body, response) | ||
| clonedResponse.headers.set('Cross-Origin-Embedder-Policy', 'require-corp') | ||
| clonedResponse.headers.set('Cross-Origin-Opener-Policy', 'same-origin') | ||
| clonedResponse.headers.set('Cross-Origin-Resource-Policy', 'same-origin') |
There was a problem hiding this comment.
This is 3rd place with the same code.
|
I tested it and it does seem to not break anything. I did not test loging with the new dashboard as its not enabled and I don't know how to run it, but if it did not break login using Google, then it should not influence anything else. |
This reverts commit 9597dd3.
* develop: Implement loading spinner for visualisations. (#6512) Fix blank input port (#6614) Add `Date_Range` (#6621) All Vector operations shall be applicable on java.util.ArrayList (#6642) Fix redirect paths and enable authentication and new dashboard by default (#6605) Fix #6287: wrong nested breadcrumb ordering (#6617) Whitelist AWS Cognito domains (#6643) Revert "Add COOP+COEP+CORP headers (#6597)" (#6647) Fix shortcuts table formatting (#6644) Automatic type based dropdown does not include singleton in a union type (#6629) Make Meta.get_annotation work for constructor (#6633)
Pull Request Description
Adds COOP+COEP+CORP headers. This is mainly required for high resolution timing (on Chrome, it increases
performance.nowresolution from 100us to 5us)Important Notes
None
Checklist
Please ensure that the following checklist has been satisfied before submitting the PR:
Scala,
Java,
and
Rust
style guides. In case you are using a language not listed above, follow the Rust style guide.
./run ide build.