Here are my two files, test.js and test.php.
test.js:
console.log("test.js is loaded")
test.php:
<?php
header('Content-Type: text/html; charset=UTF-8');
//header('Cross-Origin-Embedder-Policy: require-corp');
//header('Cross-Origin-Opener-Policy: same-origin');
?><!DOCTYPE html>
<html>
<title>test</title>
<script>
new Worker("/test.js")
</script></html>
The browser console prints "test.js is loaded" as expected. But if I comment out the two lines in test.php, nothing would be printed in the browser console, which means there's a problem that prevents the worker from being loaded if I enable the cross-origin isolation policy. So is there a correct way to use worker with the cross-origin isolation policy enabled?
BTW, I have to enable the cross-origin isolation policy because I need to use SharedArrayBuffer.
No, Web Workers are available, but your main worker script must be served with the same headers in its response, this is because the Worker does create a new realm, and you can't "downgrade" the embedder policy.
Specs link: https://html.spec.whatwg.org/multipage/origin.html#check-a-global-object's-embedder-policy.
Note that you could still use the usual blob: URL + importScripts() hack if you can't set this file's headers, but a properly configured server is alway better than hacks.