[Worker support] test for no cors headers (#1374)

* test for no cors headers * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * fix tests * suggested changes * disable directly * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add error message * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * improve test * improve error message * remove py-config tag from cors test --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2025-12-21 03:05:38 -05:00 · 2023-05-02 18:43:11 +05:30
parent 82613d016a
commit cd1aa948f9
5 changed files with 92 additions and 20 deletions
--- a/pyscriptjs/src/main.ts
+++ b/pyscriptjs/src/main.ts
@@ -162,6 +162,21 @@ export class PyScriptApp {
            );
        }
        this.config = loadConfigFromElement(el);
+        if (this.config.execution_thread === 'worker' && crossOriginIsolated === false) {
+            throw new UserError(
+                ErrorCode.BAD_CONFIG,
+                `When execution_thread is "worker", the site must be cross origin isolated, but crossOriginIsolated is false.
+                To be cross origin isolated, the server must use https and also serve with the following headers: ${JSON.stringify(
+                    {
+                        'Cross-Origin-Embedder-Policy': 'require-corp',
+                        'Cross-Origin-Opener-Policy': 'same-origin',
+                    },
+                )}.
+
+                The problem may be that one or both of these are missing.
+                `,
+            );
+        }
        logger.info('config loaded:\n' + JSON.stringify(this.config, null, 2));
    }