On Friday, December 4, 2020 at 3:36:41 PM UTC-5 Floh wrote: > Wrong place to whine about it I guess, but it would be really great if > those COOP/COEP response header requirements could also be defined *inside* > the index.html as meta-tags (or some sort of 'manifest file' uploaded > together with index.html etc to the web server). Because otherwise > multi-threaded WASM will never be an option when using hosting services > where the user has no control over the web server configuration (such as > github-pages). >
I'd actually come up with the "manifest"-style suggestion as well. So, er...good thinking! :-P > Hrmpf, not a big fan of this feature... Their agenda does not strike me as the product of rigorous thought. (I'm reminded of using a chat program where you can type to someone...and then you try to send them a file...and it fails with some "operation prohibited" error. But since you can type, you can still uuencode things.) You either have a connection, or you don't. You either check a signature or hash, or you don't. These are the mechanisms and tools of security--you have to start there. The rest of this comes across to me as obfuscation and theater. While I do appreciate there is a reason "make me a sandwich" and "sudo make me a sandwich" are different...what's being offered here seems--when considered generously--a weak and disjoint analogy to that. If anything, it leads to people with legitimate needs being forced into using *less* secure methods. I compared to JSONP (an analogy apparently too deep to grok...who knew?) https://bugzilla.mozilla.org/show_bug.cgi?id=1586217 But as the threads like that show, there's really nowhere else to whine. It all bottoms out in silence, or some AWS thread where they ask if you saw the CORS header settings when you were asking about something completely different. :-( So after thinking about it a bit today, I feel like I've gotten the message: no one considers this feature important enough to design in a coordinated way. They've broken it repeatedly--and will likely continue to do more and more weird things--without consideration for the few users they have. Asyncify may not be ideal due to generating 2x size binaries, but it's fast enough (big thanks to those responsible!). Thus I think I'm just going to treat the threads as DOA, and let the idea go. > -- You received this message because you are subscribed to the Google Groups "emscripten-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/d9505b3b-13cc-4628-b729-9ae59fa81669n%40googlegroups.com.
