Hi! I have a single page application using okta-auth-js and okta-react with the implicit flow.
I have a feature in development that depends on being able to use SharedArrayBuffer. In order to enable this, I have set the Cross-Origin-Opener-Policy header to same-origin and the Cross-Origin-Embedder-Policy header to require-corp on my index.html document.
When, using Chrome, the token expires after an hour, I see the following message in dev tools:
Because your site has the Cross-Origin Embedder Policy (COEP) enabled, each resource must specify a suitable Cross-Origin Resource Policy (CORP). This behavior prevents a document from loading cross-origin resources which don’t explicitly grant permission to be loaded.
To solve this, add the following to the resource’ response header:
Cross-Origin-Resource-Policy: same-site if the resource and your site are served from the same site.
Cross-Origin-Resource-Policy: cross-origin if the resource is served from another location than your website. If you set this header, any website can embed this resource.
I don’t see any options in the Okta admin to add this Cross-Origin-Resource-Policy header. What is the best way to enable SharedArrayBuffer with an Okta application?
Thank you in advance!
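
The check behind the dev tools message quoted in the post, as an added example that is not part of the original post and is not Okta or Chrome code: a simplified model of how a document with Cross-Origin-Embedder-Policy: require-corp decides whether a no-cors subresource may load, based on the resource's Cross-Origin-Resource-Policy header. The hosts are constructed, the function names are hypothetical, and the "same site" test is an approximation using the last two host labels.

```javascript
// Added example, not Okta or Chrome code. Hosts below are constructed.
const CORP_VALUES = new Set(["same-origin", "same-site", "cross-origin"]);

// Assumption: the "site" is the last two host labels. Browsers use the
// Public Suffix List, so this is wrong for suffixes such as co.uk.
function siteOf(url) {
  return url.hostname.split(".").slice(-2).join(".");
}

// Decide whether a no-cors subresource response may be loaded by a document.
// coep is the document's Cross-Origin-Embedder-Policy: "require-corp" or
// "unsafe-none" (credentialless is not modelled here).
function corpCheck(documentUrl, resourceUrl, corpHeader, coep = "require-corp") {
  const doc = new URL(documentUrl);
  const res = new URL(resourceUrl);
  if (doc.origin === res.origin) return "allowed";

  // Header values are case-sensitive; anything unrecognised counts as absent.
  let policy = typeof corpHeader === "string" ? corpHeader.trim() : null;
  if (!CORP_VALUES.has(policy)) policy = null;

  // Under require-corp, a missing header is treated as same-origin.
  if (policy === null && coep === "require-corp") policy = "same-origin";

  if (policy === null || policy === "cross-origin") return "allowed";
  if (policy === "same-origin") return "blocked"; // origins already differ
  // same-site: same site, and no https resource loaded into an http document
  const sameSite = siteOf(doc) === siteOf(res) &&
    (doc.protocol === "https:" || res.protocol !== "https:");
  return sameSite ? "allowed" : "blocked";
}

const page = "https://app.example.com/index.html";
const samples = [
  ["https://app.example.com/static/app.js", null],
  ["https://cdn.example.com/lib.js", "same-site"],
  ["https://login.example.net/widget.js", null],
  ["https://login.example.net/widget.js", "same-site"],
  ["https://login.example.net/widget.js", "cross-origin"],
];
for (const [url, corp] of samples) {
  console.log(corpCheck(page, url, corp), url, `CORP=${corp ?? "(none)"}`);
}
```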