Transformers.js, a library for running machine learning models in web browsers, faces a significant caching challenge due to modern browser security policies. When users visit multiple websites using the same AI models or underlying Wasm runtimes, browsers currently treat these resources as origin-specific, leading to redundant downloads and excessive storage usage. For instance, common models like Xenova/whisper-tiny.en or the 4,733 kB ort-wasm-simd-threaded.asyncify.wasm file are re-downloaded for every new site, wasting bandwidth and disk space. This isolation exists because browsers partition caches by origin to prevent side-channel timing attacks, which could otherwise reveal a user's browsing history.

The proposed Cross-Origin Storage (COS) API aims to resolve this by introducing a navigator.crossOriginStorage interface that identifies files by cryptographic hash rather than URL or origin. Using a SHA-256 hash as a unique key, the browser can recognize that two different websites are requesting the same file, allowing them to share a single cached copy. Developers can control visibility via an origins option: setting origins: '' makes a file globally available, while a restricted list limits access to specific sites. The API enforces integrity by verifying that the written data matches the declared hash, ensuring that retrieved files are exactly what the application expects.

To address privacy concerns, the browser may gate availability by suppressing confirmation of a file's presence if it has not been encountered across a sufficient number of distinct origins, preventing the use of rare files as trackers. Developers are instructed to treat any retrieval error as a cache miss and fall back to a network download. Transformers.js is currently piloting this API via an experimental cache backend. By enabling env.experimental_useCrossOriginStorage, the library uses the hash of tracked model files to interact with the COS interface. When successful, this reduces startup latency for AI-powered web applications and eliminates the need for duplicate storage of large model weights and shared runtime files across different web origins.

Transformers.js, a library for running machine learning models in web browsers, faces a significant caching challenge due to modern browser security policies. When users visit multiple websites using the same AI models or underlying Wasm runtimes, browsers currently treat these resources as origin-specific, leading to redundant downloads and excessive storage usage. For instance, common models like Xenova/whisper-tiny.en or the 4,733 kB ort-wasm-simd-threaded.asyncify.wasm file are re-downloaded for every new site, wasting bandwidth and disk space. This isolation exists because browsers partition caches by origin to prevent side-channel timing attacks, which could otherwise reveal a user's browsing history.

The proposed Cross-Origin Storage (COS) API aims to resolve this by introducing a navigator.crossOriginStorage interface that identifies files by cryptographic hash rather than URL or origin. Using a SHA-256 hash as a unique key, the browser can recognize that two different websites are requesting the same file, allowing them to share a single cached copy. Developers can control visibility via an origins option: setting origins: '' makes a file globally available, while a restricted list limits access to specific sites. The API enforces integrity by verifying that the written data matches the declared hash, ensuring that retrieved files are exactly what the application expects.

To address privacy concerns, the browser may gate availability by suppressing confirmation of a file's presence if it has not been encountered across a sufficient number of distinct origins, preventing the use of rare files as trackers. Developers are instructed to treat any retrieval error as a cache miss and fall back to a network download. Transformers.js is currently piloting this API via an experimental cache backend. By enabling env.experimental_useCrossOriginStorage, the library uses the hash of tracked model files to interact with the COS interface. When successful, this reduces startup latency for AI-powered web applications and eliminates the need for duplicate storage of large model weights and shared runtime files across different web origins.