In order to use SharedArrayBuffer that I need for FFmpeg-wasm, I need to enable cross-origin isolation. However I cannot load any resources from my CDN. In this documentation:
Once you do this, your page will not be able to load cross-origin content unless the resource explicitly allows it via a Cross-Origin-Resource-Policy header or CORS headers (Access-Control-Allow-* and so forth).
I tried looking at their documentation on CORP header but I cannot find any useful information on how to enable certain origins. My CDN already has access-control-allow-origin: * header but seems like it's not the correct header.
What do I need to do to allow https://cdn.example.com/resource.js in my website?
I found out the
Cross-Origin-Resource-Policyis NOT for my web page, but for the CDN resource (i.e. the server serving the JS file). Adding the header to my CDN server solves the problem. For example,https://cdn.example.com/resource.jsmust respond with this header: