We have a local development enviorment (localhost/
) that communicates with our development API on a remote server (api-dev.host.com
).
After the latest Chrome upgrade, I am getting the following console error when attempting to communicate from localhost to the remote server:
[Deprecation] SharedArrayBuffer will require cross-origin isolation as of M92, around July 2021. See https://developer.chrome.com/blog/enabling-shared-array-buffer/ for more details.
While the link in the error does display some information, it is unclear to me how to fix this issue. Is there anyway to fix this from the backend? Any answers would be appreciated.
According to the link in the error message, this is due to a new security feature implemented in Chrome v92.
Chrome v92 is now requiring the
Cross-Origin-Resource-Policy
header in order to share resources between two or more origins. I assume you are trying to use a cookie or other resource set byapi-dev.host.com
and so you would need to implement the header or have your CORS configuration set toAccess-Control-Allow-Origin: *
.If you do not have the
Access-Control-Allow-Origin
set to*
you can set theCross-Origin-Resource-Policy
header using the following Nginx configuration:There are multiple different values to the header but
cross-origin
will allow you to access resources between origins (localhost
andapi-dev.host.com
are different origins).Notice that you may have had
SameSite=Lax
or other configuration. In order to access the cookies supposed to be set by the remote server together with theCross-Origin-Resource-Policy
you will need to have the following cookie configuration (you can check your cookieSameSite
configuration here):This should work assuming you are trying to access a cookie set by the remote server of a separate origin and do not have
Access-Control-Allow-Origin
set to*
.