fix(typedserver): Add cross-origin security headers to element mode dev server

2025-12-11 17:14:05 +00:00
parent 0bb76f32b8
commit 313362b795
3 changed files with 12 additions and 1 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,12 @@
 # Changelog

+## 2025-12-11 - 2.3.11 - fix(typedserver)
+Add cross-origin security headers to element mode dev server
+
+- Set crossOriginOpenerPolicy to 'same-origin' and crossOriginEmbedderPolicy to 'require-corp' on the TypedServer used in element mode.
+- Improves security and enables cross-origin isolation (e.g. for SharedArrayBuffer) during local development.
+- Applies to the development server serving ./dist_watch/ on port 3002.
+
 ## 2025-12-11 - 2.3.10 - fix(dependencies)
 Bump dependency versions: @types/node to ^25.0.0 and @push.rocks/smartwatch to ^6.2.4

--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@git.zone/tswatch',
-  version: '2.3.10',
+  version: '2.3.11',
  description: 'A development tool for automatically watching and re-compiling TypeScript projects upon detecting file changes, enhancing developer workflows.'
 }
--- a/ts/tswatch.classes.tswatch.ts
+++ b/ts/tswatch.classes.tswatch.ts
@@ -73,6 +73,10 @@ export class TsWatch {
            port: 3002,
            compression: true,
            spaFallback: true,
+            securityHeaders: {
+              crossOriginOpenerPolicy: 'same-origin',
+              crossOriginEmbedderPolicy: 'require-corp',
+            },
          });

          const bundleAndReloadElement = async () => {