Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

emrun: Set COOP,COEP and CORP headers #10077

Merged
merged 2 commits into from
Jan 3, 2020
Merged

emrun: Set COOP,COEP and CORP headers #10077

merged 2 commits into from
Jan 3, 2020

Conversation

msabwat
Copy link
Contributor

@msabwat msabwat commented Dec 19, 2019
edited
Loading

This enables emrun to serve pages by taking into account
the upcoming restrictions on Content Policy for Firefox 72.

In Firefox 71, we currently need to set these flags to test the
upcoming feature:
browser.tabs.remote.useCORP
browser.tabs.remote.useCrossOriginOpenerPolicy
browser.tabs.remote.useCrossOriginEmbedderPolicy
dom.postMessage.sharedArrayBuffer.withCOOP_COEP

This PR is a fwp on @VirtualTim ticket:
Fixes #10014

@juj
Copy link
Collaborator

juj commented Dec 19, 2019

Those Firefox flags can be set here:

https://github.com/emscripten-core/emscripten/blob/incoming/emrun.py#L331

(add them to last position in the file, they need to be in chronological order of adoption)

@msabwat
Copy link
Contributor Author

msabwat commented Dec 20, 2019
edited
Loading

test_offset_converter is failing and I have no idea why 😓
it is a test that is usually skipped on previous PRs:

test_offset_converter (test_browser.browser) ... skipped 'is_wasm_backend : offset converter is not supported on fastcomp'

can this be skipped here too?

@kripken
Copy link
Member

kripken commented Dec 20, 2019

I've seen that error before, but not sure why it happens - seems random. I restarted those two jobs. If they don't pass now, please merge in latest incoming. If that doesn't fix things, then we'll need to do more serious investigation (separately from this PR).

annevk
annevk reviewed Dec 21, 2019
View reviewed changes
emrun.py Show resolved Hide resolved
@juj
Copy link
Collaborator

juj commented Dec 29, 2019

Hmm, in Firefox Nightly I see there is a field dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled: boolean. I see that toggling that makes FF Nightly work as before? Perhaps setting that in the Firefox prefs list would be good here?

@annevk
Copy link

annevk commented Dec 30, 2019

@juj that's mainly meant for testing, will never work on Release, and might eventually be redone in some manner.

VirtualTim
VirtualTim reviewed Jan 2, 2020
View reviewed changes
emrun.py Outdated Show resolved Hide resolved
@msabwat
emrun: Set COOP,COEP and CORP headers
e6f0dca 
This enables emrun to serve pages by taking into account
the upcoming restrictions on Content Policy for Firefox 72.

In Firefox 71, we currently need to set these flags to test the
upcoming feature:
browser.tabs.remote.useCORP
browser.tabs.remote.useCrossOriginOpenerPolicy
browser.tabs.remote.useCrossOriginEmbedderPolicy
dom.postMessage.sharedArrayBuffer.withCOOP_COEP
@msabwat
fixup: remove semicolons
55428c6
@juj
Copy link
Collaborator

juj commented Jan 3, 2020

Great, thanks!

@juj juj merged commit 8d3c6e1 into emscripten-core:incoming Jan 3, 2020
@VirtualTim
Copy link
Collaborator

Thanks @msabwat.

This was referenced Feb 24, 2020
Merged
Merged
belraquib pushed a commit to belraquib/emscripten that referenced this pull request Dec 23, 2020
@msabwat @belraquib
emrun: Set COOP,COEP and CORP headers (emscripten-core#10077)
a857859 
* emrun: Set COOP,COEP and CORP headers

This enables emrun to serve pages by taking into account
the upcoming restrictions on Content Policy for Firefox 72.

In Firefox 71, we currently need to set these flags to test the
upcoming feature:
browser.tabs.remote.useCORP
browser.tabs.remote.useCrossOriginOpenerPolicy
browser.tabs.remote.useCrossOriginEmbedderPolicy
dom.postMessage.sharedArrayBuffer.withCOOP_COEP

* fixup: remove semicolons
@tuket
Copy link

tuket commented Jun 28, 2022

Hello!
I'm using emrun to create a webserver.
Then, I use my Android phone (that is connected to the same local network) to access the webpage (using the local IP as URL: 192.168.0.104:9090).

The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
GoldenViewer.js:1017 Uncaught ReferenceError: SharedArrayBuffer is not defined
    at GoldenViewer.js:1017:38

I'm not sure what should I do.

@msabwat
Copy link
Contributor Author

msabwat commented Jun 28, 2022

Hi,
The error here is that you didn't use https IIUC.
Localhost is unique, so you don't need a certificate, but for any other address/domain, you will need an ssl certificate.
also, it depends on the browser you are using. https://caniuse.com/sharedarraybuffer

@tuket
Copy link

tuket commented Jun 29, 2022

Thanks, mate.
I ended up using nginx as a server, so I should be able to use local certificates with mkcert. So far I couldn't get it to work, but getting closer xD

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk annevk left review comments

@VirtualTim VirtualTim VirtualTim left review comments

@juj juj juj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix emrun for COOP/COEP/CORP
6 participants
@msabwat @juj @kripken @annevk @VirtualTim @tuket