Our Take
The proposal solves a real inefficiency (per-origin cache isolation forces redundant downloads), but it remains a browser vendor proposal with no shipping implementation and meaningful privacy/security tradeoffs still being debated.
Why it matters
Browser-based AI inference is growing, and Transformers.js developers currently re-download identical models (Whisper, DistilBERT) every time they visit a new origin. A working cross-origin cache could save bandwidth and disk space at scale, but adoption depends on standardization.
Do this week
Transformers.js developers: install the Cross-Origin Storage extension now and test your pipeline caching behavior before the API specification finalizes, so you can report compatibility issues to the Chrome team.
How browser cache isolation created a model duplication problem
Transformers.js lets web developers run AI inference (automatic speech recognition, sentiment analysis, image classification) directly in the browser using WebAssembly and JavaScript. When a user visits an app running Transformers.js, the library downloads model weights and ONNX Runtime WebAssembly files, caches them locally via the browser's Cache API, and serves them from cache on reload.
The problem: browsers isolate caches by origin for security. If you visit googlechrome.github.io running Whisper speech recognition and then visit rawcdn.rawgit.net running the same Whisper model, the browser treats the cached Whisper weights as belonging to the first origin. The second origin cannot reuse them. Both sites must download and store the identical bytes, wasting 177 MB of bandwidth and disk space per duplicate (per Hugging Face's test case).
The waste compounds when multiple pipelines are deployed. A sentiment analysis model might use the same 4.7 MB ONNX Runtime WebAssembly file as the speech recognition model, but because the Wasm file is isolated by origin too, every new origin re-downloads and re-stores it regardless of whether the content is byte-for-byte identical.
The Cross-Origin Storage API proposal aims to decouple identity from location
Google's Chrome team, in collaboration with Hugging Face, is experimenting with a new browser primitive called the Cross-Origin Storage (COS) API. Instead of keying cached files by URL and origin, COS identifies them by SHA-256 cryptographic hash. If the same Wasm runtime is requested on two different origins, the browser recognizes that both requests map to the same hash and serves a single cached copy.
The API exposes a navigator.crossOriginStorage interface. When an app requests a file by hash and a cache hit occurs, it gets back a file handle and avoids the network. On miss, the app downloads the file, writes it to COS by hash, and subsequent requests from any origin (or restricted origins, if specified) will find it.
Access control is granular. Developers can mark files as globally shared (origins: '*', ideal for open-source model weights), restricted to specific origins (origins: ['https://company-a.com', 'https://company-b.com'], for internal sharing), or same-site only (the default). Critically, visibility can only be upgraded, never downgraded: if a file is public, a later attempt to restrict it is silently ignored, preventing malicious narrowing of access.
Integrity is built in. The browser verifies the hash of any file written to COS. If the data does not match the declared hash, the write fails. This means files in COS are always tamper-evident, even if they were downloaded from a third-party mirror or untrusted CDN.
The proposal is early-stage; a polyfill exists for experimentation
The Cross-Origin Storage API is not yet standardized and has no native browser implementation. Hugging Face and Google have published a proposal and made available a Chrome extension that injects a navigator.crossOriginStorage polyfill so developers can test the complete flow today.
The security and privacy model is intentional. Because hashes are not secret (anyone can compute a file's hash), an attacker could theoretically probe for the presence of proprietary files in COS. The API mitigates this via the origins field: proprietary assets should never be stored with origins: '*'. Public open-source models like Whisper or DistilBERT are safe candidates for global sharing because their existence is not sensitive information.
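The write-time hash check, the upgrade-only visibility rule and the origins-based read restriction described above can be modelled in a few lines. This is an added example, not code from the proposal, the extension or Transformers.js: CosModel, its write/read methods, the status strings and the a.example/b.example origins are hypothetical, and it runs under Node.js as a model rather than calling navigator.crossOriginStorage.

```javascript
// Toy in-memory model; CosModel and its methods are hypothetical names.
const { createHash } = require('node:crypto');
const sha256Hex = (bytes) => createHash('sha256').update(bytes).digest('hex');

// Visibility rank: same-site default (0) < origin list (1) < global '*' (2).
const rank = (origins) => (origins === '*' ? 2 : Array.isArray(origins) ? 1 : 0);

class CosModel {
  constructor() { this.entries = new Map(); } // hash -> { bytes, origins, owner }

  // A write is accepted only if the bytes hash to the declared SHA-256 value.
  write(origin, declaredHash, bytes, origins) {
    if (sha256Hex(bytes) !== declaredHash) return 'rejected: hash mismatch';
    const entry = this.entries.get(declaredHash);
    if (!entry) {
      this.entries.set(declaredHash, { bytes, origins, owner: origin });
      return 'stored';
    }
    // Upgrade-only: a request that would narrow visibility is ignored.
    if (rank(origins) <= rank(entry.origins)) return 'unchanged';
    entry.origins = origins;
    return 'upgraded';
  }

  // Modelling choices (assumptions): "same-site" means the writing origin
  // only, and a disallowed read looks like a miss (null).
  read(origin, hash) {
    const entry = this.entries.get(hash);
    if (!entry) return null;
    const allowed = entry.origins === '*' || entry.owner === origin ||
      (Array.isArray(entry.origins) && entry.origins.includes(origin));
    return allowed ? entry.bytes : null;
  }
}

function demo() {
  const cos = new CosModel();
  const weights = Buffer.from('constructed stand-in for model weights');
  const hash = sha256Hex(weights);
  const A = 'https://a.example', B = 'https://b.example'; // constructed origins
  return {
    tampered: cos.write(A, hash, Buffer.from('tampered bytes'), '*'),
    stored: cos.write(A, hash, weights),           // default visibility
    visibleToBBefore: cos.read(B, hash) !== null,  // B knows the hash only
    upgraded: cos.write(A, hash, weights, '*'),
    narrowed: cos.write(A, hash, weights, [A]),    // attempt to restrict again
    visibleToBAfter: cos.read(B, hash) !== null,
  };
}
```

Calling demo() walks one file through a tampered write, a default-visibility write, an upgrade to '*' and an attempted narrowing, with a second origin probing by hash before and after the upgrade.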
Standardization is ongoing. The proposal has been shared with browser vendors and the W3C community group; adoption and timeline remain uncertain. Transformers.js teams should view the current phase as an opportunity to provide feedback on the API shape and report real-world use cases, particularly around Wasm runtime reuse and multi-origin model deployment patterns.