You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP
Socket
Sign inDemoInstall
Socket

remote-web-worker

Package Overview
Dependencies
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

remote-web-worker

Cross origin web worker

0.0.9
latest
Source
npm
Version published
Weekly downloads
10K
25.56%
Maintainers
1
Weekly downloads
 
Created
Source

Remote Worker

Leightweight (~0.3kb) Worker patch to allow loading scripts from remote URLs (cross-origin).

Motivation

Allows to host Web Worker scripts on CDN servers without the following cors exceptions:

  • Uncaught DOMException: Failed to construct 'Worker': Script at 'https://cdn.jsdelivr.net/npm/console-log-hello-world' cannot be accessed from origin 'http://localhost:8080'.
  • Uncaught (in promise) DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'https://cdn.jsdelivr.net/npm/console-log-hello-world' failed to load.

Installation

npm install --save-dev remote-web-worker

Usage

Apply Patch

import 'remote-web-worker';

Initialize a Worker just like you would normally do:

const worker = new Worker(
  'https://cdn.jsdelivr.net/npm/console-log-hello-world',
  { type: 'classic' }
);

How it works

According to spec the Worker constructor accepts only local URLs, not remote URLs: https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker

As a workaround this patched Worker will use importScripts to load the remote script. https://developer.mozilla.org/en-US/docs/Web/API/WorkerGlobalScope/importScripts

Compatibility

  • Chrome 4+
  • Firefox 4+
  • Safari 4+

Limitations

  • Only supports type="classic" workers (no import or export)

Security

The remote script is loaded via importScripts which is not subject to CORS.
However, the script is loaded in a separate context and cannot access the main thread or the DOM. The remote script runs in the current sites origin and therefore will not be able to access Cookies or Local Storage of the remote server.

License

MIT

FAQs

Package last updated on 21 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts