Please set CORS headers for DracoCompression on

I’m trying to implement sharedArrayBuffers for web workers, where I compute all the physics. However, I’m unable to trigger a crossOriginIsolated environment due to the Draco decoder files that are used when loading my .gltf files. The files need to have proper cross origin headers when they are served from

The plugin loads the following files:

    decoder: {
        wasmUrl: "",
        wasmBinaryUrl: "",
        fallbackUrl: "",

These files prevent me from achieving crossOriginIsolated. if I change the config to point to google’s static server:

  decoder: {
    wasmUrl: '',
    wasmBinaryUrl: '',
    fallbackUrl: '',

crossOriginIsolated is achieved.

For more detail: headers are:

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: max-age=3600, s-maxage=86400
Content-Length: 188782
Content-Type: application/wasm
Date: Fri, 14 Jul 2023 13:14:59 GMT Etag: 0x8DB843EA311EE39
Last-Modified: Fri, 14 Jul 2023 07:47:56 GMT X-Azure-Ref: 20230714T131459Z-qs7x2nbxgp6530rt5defh60ad400000000bg00000000wud5
X-Cache: TCP_HIT
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 09cf0197-701e-0067-5f29-b63385000000
X-Ms-Version: 2009-09-19 headers are:

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 1710
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 63566
Content-Security-Policy: require-trusted-types-for 'script'; report-uri
Content-Type: application/wasm
Cross-Origin-Opener-Policy: same-origin; report-to="draco"
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 14 Jul 2023 03:35:23 GMT
Expires: Sat, 13 Jul 2024 03:35:23 GMT
Last-Modified: Tue, 07 Feb 2023 18:11:54 GMT
Report-To: {"group":"draco","max_age":2592000,"endpoints":[{"url":""}]}
Server: sffe
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Xss-Protection: 0
1 Like

You might want to turn on gzip as well to save some bandwidth on your servers.

Tagging @RaananW to have a look once he’s back

Let’s see :slight_smile:

gzip is enabled on most file types, i just added wasm as well. But that’s the less important ask here :slight_smile:

I’ll have to see how configurable the CDN we are using. I’ll try adding the missing headers. i’ll keep you updated here.

I have enabled two missing headers, I hope it works for you now. If it does work and there are no issues with any other site using preview, I will enable these headers to the stable CDN as well.


I just tested it and it worked. window.crossOriginIsolated is true.
File size is 61% smaller with gzip. :+1:
Thanks so much for making these updates.