How to handle CORS for web workers?

Question

In one of my js files (game.js), web workers are used which causes problems for CORS.

From game.js:

var engine = new Worker(options.machinejs|| 'static/js/mainjs/machine.js');

First problem I got was about SharedArrayBuffer is not defined and I solved it by adding the needed headers.

@app.route("/")
def home():
    resp = make_response(render_template("index.html"))
    resp.headers['Cross-Origin-Embedder-Policy'] = 'require-corp'
    resp.headers['Cross-Origin-Opener-Policy'] = 'same-origin'
    return resp

I got rid of that error but got this one:

http://127.0.0.1:5000/static/js/mainjs/machine.js net::ERR_BLOCKED_BY_RESPONSE 304

When I check the responses I can see the header parts I added for "http://127.0.0.1:5000/" but I see no such headers for http://127.0.0.1:5000/static/js/mainjs/machine.js In fact, it warns me to add

Cross-Origin-Embedder-Policy: require-corp

in my document. Where and how though?

Answer 1

I obviously confused CORS with CORP although they're related.

The solution I found was:

@app.route("/")
def home():
    return render_template("index.html")

@app.after_request
def add_header_home(response):
    response.headers['Cross-Origin-Embedder-Policy'] = 'require-corp'
    response.headers['Cross-Origin-Opener-Policy'] = 'same-origin'
    return response

Somehow after_request decorator helps us here.