From 6b10a7da427003e9cbd9f98d625949eb33078841 Mon Sep 17 00:00:00 2001
From: Neon Vortex <neon-vortex@cluster.local>
Date: Sun, 23 Nov 2025 00:19:44 -0500
Subject: [PATCH] Fix CORS headers for static assets (WASM/JS files)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add CORS headers to static assets location block. In nginx, add_header
in a location block replaces all parent add_header directives, so the
CORS headers need to be repeated in the location block that handles
.wasm and .js files.

This fixes the issue where threaded WASM files couldn't load because
they didn't have the required Cross-Origin headers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 htlm/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/htlm/nginx.conf b/htlm/nginx.conf
index 25307af..8fa6bbd 100644
--- a/htlm/nginx.conf
+++ b/htlm/nginx.conf
@@ -37,5 +37,8 @@ server {
     location ~* \.(png|jpg|jpeg|gif|ico|wasm|js|css)$ {
         expires 1y;
         add_header Cache-Control "public, immutable";
+        # CORS headers must be repeated here because add_header in location block overrides parent
+        add_header Cross-Origin-Embedder-Policy "require-corp" always;
+        add_header Cross-Origin-Opener-Policy "same-origin" always;
     }
 }