Enabling COOP/COEP without touching the server

Or how to modify security headers client-side.


Ever since the rather impressive Meltdown and Spectre attacks, browser vendors have had to clamp down on shared memory and high-resolution timers. While this conveniently means that the casual user doesn't have to worry about phantom trolleys, it can be an irritating restriction for a developer. Some APIs got limited, while others were completely disabled unless one does a little dance to appease the web browser.


This means that certain web-applications have an additional hurdle to overcome.


A few examples of web applications that have this problem are in-browser video converters using ffmpeg.wasm, a web-based notebook that runs Python, and multithreaded Emscripten applications.


The Problem


The following APIs are unavailable by default, that is, in any document that is not cross-origin isolated (strictly speaking the Atomics namespace object still exists, but without SharedArrayBuffer there is no shared memory for it to operate on):


  • SharedArrayBuffer
  • Atomics

To re-enable them, the document has to become cross-origin isolated: the site needs to be served over HTTPS[1] and two response headers need to be set on the top-level document. Note that once the embedder policy is in place, every cross-origin resource the page loads (scripts, images, fonts, iframes) must opt in via CORS or a Cross-Origin-Resource-Policy header, or the browser blocks it. The headers, which have to be set server side[2], are


  • Cross-Origin-Opener-Policy: same-origin
  • Cross-Origin-Embedder-Policy: require-corp
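The check below is an added example, not code from the original post: it inspects a response's headers the way the browser will, and reports whether the document would be cross-origin isolated (and thus get SharedArrayBuffer back), plus a runtime probe for use inside the page itself. It accepts `require-corp` or the newer `credentialless` for COEP and insists on exactly `same-origin` for COOP, since `same-origin-allow-popups` does not isolate. The header sets and the `example.github.io` URL are constructed for the demo; `headers` is a plain object, so for a `fetch()` response pass `Object.fromEntries(res.headers)`.

```javascript
// Added example, not code from the original post: a header check a frontend
// developer can run against their deployed page (e.g. from a CI script) to
// see whether the browser will treat it as cross-origin isolated and
// therefore expose SharedArrayBuffer.

// Only these values grant cross-origin isolation. COOP must be exactly
// "same-origin" ("same-origin-allow-popups" does not qualify); COEP may be
// "require-corp" or the newer "credentialless".
const ISOLATING_COOP = new Set(['same-origin']);
const ISOLATING_COEP = new Set(['require-corp', 'credentialless']);

// Header names are case-insensitive and values may carry parameters such as
// `same-origin; report-to="default"`, so compare only the first token.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      return String(value).split(';')[0].trim().toLowerCase();
    }
  }
  return null;
}

// Browsers only grant cross-origin isolation in a secure context:
// https, or plain http on localhost during development.
function isSecureContextUrl(url) {
  const u = new URL(url);
  if (u.protocol === 'https:') return true;
  return u.protocol === 'http:' &&
    (u.hostname === 'localhost' || u.hostname === '127.0.0.1');
}

// Returns { isolated, problems } for a response's headers. `headers` is a
// plain object; for a fetch() Response use Object.fromEntries(res.headers).
// `url` is optional; when given, the secure-context requirement is checked too.
function checkIsolationHeaders(headers, url) {
  const problems = [];
  if (url !== undefined && !isSecureContextUrl(url)) {
    problems.push(`${url} is not a secure context; serve the page over HTTPS`);
  }
  const coop = headerValue(headers, 'Cross-Origin-Opener-Policy');
  if (coop === null) {
    problems.push('Cross-Origin-Opener-Policy header is missing');
  } else if (!ISOLATING_COOP.has(coop)) {
    problems.push(`Cross-Origin-Opener-Policy is "${coop}"; needs "same-origin"`);
  }
  const coep = headerValue(headers, 'Cross-Origin-Embedder-Policy');
  if (coep === null) {
    problems.push('Cross-Origin-Embedder-Policy header is missing');
  } else if (!ISOLATING_COEP.has(coep)) {
    problems.push(`Cross-Origin-Embedder-Policy is "${coep}"; needs "require-corp" or "credentialless"`);
  }
  return { isolated: problems.length === 0, problems };
}

// Inside the page itself, ask the browser what it actually granted. Outside a
// browser (e.g. Node) crossOriginIsolated is undefined and SharedArrayBuffer
// is always present, so the result is only meaningful in a document context.
function runtimeIsolationState(g = globalThis) {
  return {
    crossOriginIsolated: typeof g.crossOriginIsolated === 'boolean' ? g.crossOriginIsolated : null,
    sharedArrayBufferAvailable: typeof g.SharedArrayBuffer === 'function',
  };
}

// Constructed sample: what a static host without custom-header support
// typically sends (neither of the two headers we need) ...
const STATIC_HOST_HEADERS = { 'Content-Type': 'text/html; charset=utf-8' };
// ... and the pair the post asks for.
const ISOLATING_HEADERS = {
  'Cross-Origin-Opener-Policy': 'same-origin',
  'Cross-Origin-Embedder-Policy': 'require-corp',
};

console.log(checkIsolationHeaders(STATIC_HOST_HEADERS, 'https://example.github.io/app/'));
console.log(checkIsolationHeaders(ISOLATING_HEADERS, 'https://example.github.io/app/'));
```

The first call reports both headers missing, which is exactly the situation on a CDN that cannot set custom headers; the second reports the page as isolated. Remember that the check covers only the top-level document: with COEP in force, each cross-origin subresource must additionally carry CORS or Cross-Origin-Resource-Policy headers or it will fail to load.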

This can be quite a challenge for a number of reasons. It is not always a walk in the park for a frontend developer to control the headers that the backend sends. Static frontend applications are becoming more widespread. It is quite common that one uses a CDN which simply doesn't support setting custom HTTP headers. I personally needed a solution, as I was deploying a web-based computer algebra system on GitHub pages.



Copyright © 2011-2024 iteam. Current version is 2.125.1. UTC+08:00, 2024-05-15 07:31