Use 'Cross-Origin-Embedder-Policy: credentialless' in Chrome 96+
On pages embedding Stockfish (i.e. using SharedArrayBuffer). To allow custom backgrounds from non-CORS pages.deepcrayonfish^2
parent
6d33261fb5
commit
d9b7ba6139
|
@ -65,10 +65,11 @@ abstract private[controllers] class LilaController(val env: Env)
|
||||||
implicit def reqConfig(implicit req: RequestHeader) = ui.EmbedConfig(req)
|
implicit def reqConfig(implicit req: RequestHeader) = ui.EmbedConfig(req)
|
||||||
def reqLang(implicit req: RequestHeader) = I18nLangPicker(req)
|
def reqLang(implicit req: RequestHeader) = I18nLangPicker(req)
|
||||||
|
|
||||||
protected def EnableSharedArrayBuffer(res: Result): Result =
|
protected def EnableSharedArrayBuffer(res: Result)(implicit req: RequestHeader): Result =
|
||||||
res.withHeaders(
|
res.withHeaders(
|
||||||
"Cross-Origin-Opener-Policy" -> "same-origin",
|
"Cross-Origin-Opener-Policy" -> "same-origin",
|
||||||
"Cross-Origin-Embedder-Policy" -> "require-corp"
|
"Cross-Origin-Embedder-Policy" -> (if (HTTPRequest isChrome96OrMore req) "credentialless"
|
||||||
|
else "require-corp")
|
||||||
)
|
)
|
||||||
|
|
||||||
protected def NoCache(res: Result): Result =
|
protected def NoCache(res: Result): Result =
|
||||||
|
|
|
@ -45,6 +45,7 @@ object HTTPRequest {
|
||||||
|
|
||||||
private def uaContains(req: RequestHeader, str: String) = userAgent(req).exists(_ contains str)
|
private def uaContains(req: RequestHeader, str: String) = userAgent(req).exists(_ contains str)
|
||||||
def isChrome(req: RequestHeader) = uaContains(req, "Chrome/")
|
def isChrome(req: RequestHeader) = uaContains(req, "Chrome/")
|
||||||
|
val isChrome96OrMore = UaMatcher("""Chrome/(?:\d{3,}|9[6-9])""")
|
||||||
|
|
||||||
def origin(req: RequestHeader): Option[String] = req.headers get HeaderNames.ORIGIN
|
def origin(req: RequestHeader): Option[String] = req.headers get HeaderNames.ORIGIN
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue