In one of my js files (game.js), web workers are used which causes problems for CORS.
From game.js:
var engine = new Worker(options.machinejs|| 'static/js/mainjs/machine.js');
First problem I got was about SharedArrayBuffer is not defined and I solved it by adding the needed headers.
@app.route("/")
def home():
resp = make_response(render_template("index.html"))
resp.headers['Cross-Origin-Embedder-Policy'] = 'require-corp'
resp.headers['Cross-Origin-Opener-Policy'] = 'same-origin'
return resp
I got rid of that error but got this one:
http://127.0.0.1:5000/static/js/mainjs/machine.js net::ERR_BLOCKED_BY_RESPONSE 304
When I check the responses I can see the header parts I added for "http://127.0.0.1:5000/" but I see no such headers for
http://127.0.0.1:5000/static/js/mainjs/machine.js
In fact, it warns me to add
Cross-Origin-Embedder-Policy: require-corp
in my document. Where and how though?
I obviously confused CORS with CORP although they're related.
The solution I found was:
Somehow after_request decorator helps us here.