Creating a WebWorker inside a WebWorker will the self.origin value being null.

[hughfenghen]

Describe the bug

When the origin value is null, calling some APIs can trigger SecurityError or Cross-Origin error.

For example, executing await navigator.storage.getDirectory()
will throw the error: Error: SecurityError: Storage directory access is denied.

The reason is that a WebWorker was created using a Data URL.

The corresponding Vite code is at: https://github.com/vitejs/vite/blob/7b240e408ed83f172e9f88823eae3b4a9ba92674/packages/vite/src/node/plugins/worker.ts#L326C28-L326C38

I tried replacing self with window, which resolved the issue.

Reproduction

https://stackblitz.com/edit/vitejs-vite-hfhdfg?file=main.js

Steps to reproduce

1. npm run build
2. check dist/assets/index-[hash].js

System Info

N/A

Used Package Manager

npm

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to vuejs/core instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[stackblitz]

Start a new pull request in StackBlitz Codeflow.

• vitejs-vite-hfhdfg (Open reproduction)