Skip to content

Instantly share code, notes, and snippets.

@mizchi

mizchi/vite.config.js

Last active September 4, 2025 02:49
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mizchi/afcc5cf233c9e6943720fde4b4579a2b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mizchi/afcc5cf233c9e6943720fde4b4579a2b to your computer and use it in GitHub Desktop.
Download ZIP
vite config with corp/coep header
Raw
vite.config.js
import fs from "fs";
import { defineConfig } from "vite";
export default defineConfig({
plugins: [
{
name: "isolation",
configureServer(server) {
server.middlewares.use((_req, res, next) => {
res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
next();
});
},
},
],
// server: {
// https: {
// key: fs.readFileSync("./cert/localhost-key.pem"),
// cert: fs.readFileSync("./cert/localhost.pem"),
// },
// },
});
@boredom2
Copy link

boredom2 commented May 4, 2023

Thank you!

@longvudai
Copy link

longvudai commented Jul 23, 2024

Can someone explain why the above gist works but the one below does not for me?

import { defineConfig } from 'vite'

export default defineConfig({
	server: {
		headers: {
			'Cross-Origin-Embedder-Policy': 'require-corp',
			'Cross-Origin-Opener-Policy': 'same-origin'
		}
	},
}

@epreston
Copy link

epreston commented Aug 13, 2024

Can someone explain why the above gist works but the one below does not for me?

import { defineConfig } from 'vite'

export default defineConfig({
	server: {
		headers: {
			'Cross-Origin-Embedder-Policy': 'require-corp',
			'Cross-Origin-Opener-Policy': 'same-origin'
		}
	},
}

The following works correctly, tested on 5.4.0+, additional settings so you can inspect the output.

import { defineConfig } from 'vite';

// https://vitejs.dev/config/
export default defineConfig({
  build: {
    minify: false,
    assetsInlineLimit: 0,
    target: ['es2022']
  },
  server: {
    headers: {
      'Cross-Origin-Embedder-Policy': 'require-corp',
      'Cross-Origin-Opener-Policy': 'same-origin'
    }
  }
});

You can test with the crossOriginIsolated global using following in your js.

if (crossOriginIsolated) {
  console.log(`crossOriginIsolated`);
} else {
  console.log(`not crossOriginIsolated`);
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment