No cross-origin-resource-policy set on https://cdn.holoviz.org/panel

bevilacqc · May 26, 2025, 10:07am

Hello,
I am trying to run a panel holoviz app in pyodide after converting via panel convert.
Since I have to execute some additional js code from the app which requires cross origin isolation I have to serve the app with Cross-Origin-Embedder-Policy: require-corp.

From the browser console I can see that all the resources served from https://cdn.holoviz.org/panel have no cross-origin-resource-policy set, so they are blocked by the browser.
I could make it work by setting ```Cross-Origin-Embedder-Policy: credentialless``, but this is not supported by all browsers (notably Safari).

Therefore I was wondering if it would be possible to serve the resources from https://cdn.holoviz.org/panel with a cross-origin-resource-policy or it was a decision not to enable it.

Marc · May 29, 2025, 3:35am

Hi @bevilacqc

I don’t know if its a design decission, but please convert this to a github issue. Then I think it has a better chance of being reviewed as a feature request and implemented.

Thanks.

Hoxbro · May 29, 2025, 7:22am

No, we want the CDN with everyone. Could you clearly state what is needed, along with some documentation of its effect, so that I can research it further?