Use SPA SDK with Cross-Origin Embeder Policy

Hi all, we are using auth0-spa-js 1.13.6 in our application.

We require the SharedArrayBuffer in our application and therefore we need to set the Browser to cross-origin isolated by adding the following headers:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

See Making your website "cross-origin isolated" using COOP and COEP

This breaks the Auth0 SPA SDK, because there is a /authorize request running in an iframe. This iframe does not have any Cross-Origin Resource Policy set.

How could we solve this?

Thanks for any inputs,
Markus

Please include the following information in your post:

  • Which SDK this is regarding:
    auth0-spa-js

  • SDK Version:
    1.13.6

  • Platform Version: e.g. Node 12.19.0

  • Code Snippets/Error Messages/Supporting Details/Screenshots:

Is this a feature request or bug report? If so, please create an issue directly in the corresponding GitHub repo. The Community SDK category is for general discussion and support.