third_party/coi-serviceworker/README.md
Cross-origin isolation (COOP and COEP) through a service worker for situations in which you can't control the headers (e.g. GH pages).
coi-serviceworker.js (or coi-serviceworker.min.js).<script src="coi-serviceworker.js"></script>
This script will reload the page on the user's first load to magically add the required COOP and COEP headers in a service worker.
Rules:
You can install this package from npm:
npm i --save coi-serviceworker
You will still have to tell your bundler to put the file alongside your bundle. Something like this will do the trick:
cp node_modules/coi-serviceworker/coi-serviceworker.js dist/
You can customize the behavior by defining a variable coi in the global scope (i.e. on the window object):
window.coi = {
// // A function that is run to decide whether to register the SW or not.
// You could for instance make this return a value based on whether you actually need to be cross origin isolated or not.
shouldRegister: () => true,
// If this function returns true, any existing service worker will be deregistered (and nothing else will happen).
shouldDeregister: () => false,
// A function that is run to decide whether to use "Cross-Origin-Embedder-Policy: credentialless" or not.
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility
coepCredentialless: () => !(navigator.userAgent.indexOf("CriOS") > -1 || !window.chrome),
// Override this if you want to prompt the user and do reload at your own leisure. Maybe show the user a message saying:
// "Click OK to refresh the page to enable <...>"
doReload: () => window.location.reload(),
// Set to true if you don't want coi to log anything to the console.
quiet: false
}
Library and idea based on @stefnotch's blog post.
MIT
Carp or Koi (1926) by Ohara Koson. Original from the Los Angeles County Museum of Art. Public Domain CC0 image.