Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated. #1002

Closed
alejandrohdo opened this issue Jan 5, 2025 · 5 comments
Closed

Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated. #1002

alejandrohdo opened this issue Jan 5, 2025 · 5 comments

Comments

@alejandrohdo
Copy link

Describe the bug

image
i have a problem in docker, any idea?
Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated.

Link to the Bolt URL that caused the error

http://172.22.0.2:5173/chat/fastapi-token-auth

Steps to reproduce

this my promp:
hazme un api rest con fast Api que me permite levantar un servicicio con token, si solo me permita peticionar si el Token es OK, caso contrario rechazar las solicitudes

Expected behavior

only generate bug en docker

Screen Recording / Screenshot

No response

Platform

  • OS: Linux 22.04
  • Browser: Chrome 131.0.6778.139
  • Version:

Provider Used

No response

Model Used

No response

Additional context

No response
@thecodacus
Copy link
Collaborator

not much idea on webcontainer on hosted version, it needs some extra configuration for shared array buffer and coep
maybe @wonderwhy-er or @aliasfoxkde can answer

@LfScOrPiO
Copy link

i have same problem

Failed to spawn bolt shell

Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated.

@wonderwhy-er
Copy link
Collaborator

wonderwhy-er commented Jan 7, 2025
edited
Loading

This error usually happens if you are serving from http or in some other cross domain cases.
Bolt uses webcontainers webassembly
For webpage and that to communicate efficiently one needs to use SharedArrayBuffer that is vulnerable to side channel attacks
Due to that it is subject to certain limitations

Conditions for SharedArrayBuffer to Work:
Secure Context: Your website must be served over HTTPS.
Cross-Origin Isolation: To ensure safe usage, your site needs to be cross-origin isolated. This is achieved by setting the following HTTP headers:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
These headers help protect your site from potential cross-origin attacks by ensuring that it cannot share resources with other origins unless explicitly permitted.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer?utm_source=chatgpt.com#security_requirements

I can see that you are hosting it from http://172.22.0.2:5173/chat/fastapi-token-auth which is http

So I would look in that direction to fix.

I host it from cloudflare behind https so it works.
For local use its served from localhost which is exempt from this this requirements.

@thecodacus thecodacus pinned this issue Jan 12, 2025
@thecodacus thecodacus mentioned this issue Jan 12, 2025
Closed
@rokipet
Copy link

rokipet commented Jan 19, 2025

Create a túnel from cloudfare to your host if using Linux and it works

@aliasfoxkde
Copy link
Collaborator

Create a túnel from cloudfare to your host if using Linux and it works

Likely because both are now using HTTPS/TLS and Cloudflare has a cert applied.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wonderwhy-er @aliasfoxkde @alejandrohdo @thecodacus @LfScOrPiO @rokipet