Please set CORS headers for DracoCompression on preview.babylonjs.com

Frankie_Ali · July 14, 2023, 1:19pm

I’m trying to implement sharedArrayBuffers for web workers, where I compute all the physics. However, I’m unable to trigger a crossOriginIsolated environment due to the Draco decoder files that are used when loading my .gltf files. The files need to have proper cross origin headers when they are served from preview.babylonjs.com.

The plugin loads the following files:

    decoder: {
        wasmUrl: "https://preview.babylonjs.com/draco_wasm_wrapper_gltf.js",
        wasmBinaryUrl: "https://preview.babylonjs.com/draco_decoder_gltf.wasm",
        fallbackUrl: "https://preview.babylonjs.com/draco_decoder_gltf.js",
    },

These files prevent me from achieving crossOriginIsolated. if I change the config to point to google’s static server:

  decoder: {
    wasmUrl: 'https://www.gstatic.com/draco/versioned/decoders/1.5.6/draco_wasm_wrapper_gltf.js',
    wasmBinaryUrl: 'https://www.gstatic.com/draco/versioned/decoders/1.5.6/draco_decoder_gltf.wasm',
    fallbackUrl: 'https://www.gstatic.com/draco/versioned/decoders/1.5.6/draco_decoder_gltf.js',
  },

crossOriginIsolated is achieved.

For more detail: preview.babylonjs.com headers are:

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: max-age=3600, s-maxage=86400
Content-Length: 188782
Content-Type: application/wasm
Date: Fri, 14 Jul 2023 13:14:59 GMT Etag: 0x8DB843EA311EE39
Last-Modified: Fri, 14 Jul 2023 07:47:56 GMT X-Azure-Ref: 20230714T131459Z-qs7x2nbxgp6530rt5defh60ad400000000bg00000000wud5
X-Cache: TCP_HIT
X-Ms-Blob-Type: BlockBlob
X-Ms-Lease-Status: unlocked
X-Ms-Request-Id: 09cf0197-701e-0067-5f29-b63385000000
X-Ms-Version: 2009-09-19

www.gstatic.com headers are:

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 1710
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 63566
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/draco
Content-Type: application/wasm
Cross-Origin-Opener-Policy: same-origin; report-to="draco"
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 14 Jul 2023 03:35:23 GMT
Expires: Sat, 13 Jul 2024 03:35:23 GMT
Last-Modified: Tue, 07 Feb 2023 18:11:54 GMT
Report-To: {"group":"draco","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/draco"}]}
Server: sffe
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Frankie_Ali · July 14, 2023, 1:46pm

You might want to turn on gzip as well to save some bandwidth on your servers.

carolhmj · July 14, 2023, 2:09pm

Tagging @RaananW to have a look once he’s back

sebavan · July 17, 2023, 8:49pm

RaananW · July 19, 2023, 9:52am

Let’s see

gzip is enabled on most file types, i just added wasm as well. But that’s the less important ask here

I’ll have to see how configurable the CDN we are using. I’ll try adding the missing headers. i’ll keep you updated here.

RaananW · July 19, 2023, 12:04pm

I have enabled two missing headers, I hope it works for you now. If it does work and there are no issues with any other site using preview, I will enable these headers to the stable CDN as well.

Frankie_Ali · July 20, 2023, 1:26pm

Success!
I just tested it and it worked. window.crossOriginIsolated is true.
File size is 61% smaller with gzip.
Thanks so much for making these updates.

RaananW · July 20, 2023, 1:51pm