[feature request] Cross domain blob building fallback
See original GitHub issueI tried to publish 3rd party script with webpack and worker-plugin
.
https://cdn.example.com/main.js <- entry
https://cdn.example.com/sub.js <- chunk
https://cdn.example.com/0.worker.js <- worker
I set output.publicPath
to “https://cdn.example.com/” in this case;
But I can not exec worker because of cross domain restriction.
> new Worker("http://localhost:8080/0.worker.js")
VM84:1 Uncaught DOMException: Failed to construct 'Worker': Script at 'http://localhost:8080/0.worker.js' cannot be accessed from origin 'https://www.google.com'.
I know this fallback works to avoid it.
// ASSET_HOST="https://cdn.example.com/" webpack --mode production
if (process.env.ASSET_HOST === location.protocol + "//" + location.host) {
return new Worker(process.env.ASSET_HOST + "0.worker.js")
} else {
const code = await fetch(process.env.ASSET_HOST + "0.worker.js").then(res =>
res.text()
);
// console.log(t);
const blob = new Blob([code], { type: "text/javascript" });
const url = URL.createObjectURL(blob);
return worker = new Worker(url);
}
but publisher need to add CORS header to fetch. (Most CDN have CORS header)
I will fork and try it at first in my hand.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:5
- Comments:13
Top Results From Across the Web
Disaster recovery and storage account failover - Azure ...
Azure Storage supports account failover for geo-redundant storage ... To learn more, see Blob storage features available in Azure Data Lake ...
Read more >Can I make an Azure storage account go offline to test my ...
My blob client does not seem to fall back. If I redirect to IP 0.0.0.0 , the blob client throws this: "The requested...
Read more >Using CORS with All (Modern) Browsers
I am making a cross domain ajax call which uses POST method to send data to server, but I am unable to get...
Read more >CSP: frame-ancestors - HTTP - MDN Web Docs - Mozilla
It will also not fall back to a default-src setting. ... Some browsers specifically exclude blob and filesystem from source directives.
Read more >Browser APIs and Protocols: XMLHttpRequest
Cross -origin XHR request. CORS requests use the same XHR API, with the only difference that the URL to the requested resource is...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This isn’t because of CORS, but rather because sites like google.com tend to disallow all subresources using something like a Content Security Policy. The issue with CSP is that most configurations you find in the wild also block Blob and Data URL sources, so none of these solutions would work.
CSP issues aside, I wonder if your use-case an inline Blob would work? It would be easy to add an option for this in
worker-plugin
. It would look something like this:input: (your source code)
compiled output:
I didn’t make it work from the first time, so just wanted to clarify that it’s not necessary to add that script directly to HTML. It’s a hack where you just replace native Worker with your own implementation (with importScript that won’t suffer from CORS). So it’s ok to just have that in your code: