Cross-origin isolation

Cross-origin isolation enables a web page to use powerful features such asSharedArrayBuffer. An extension can opt into cross-origin isolation byspecifying the appropriate values for thecross_origin_embedder_policy andcross_origin_opener_policy manifest keys. For example, a manifest like the followingwill opt the extension's origin into cross-origin isolation.

{"name":"CrossOriginIsolation example","manifest_version":3,"version":"1.1","cross_origin_embedder_policy":{"value":"require-corp"},"cross_origin_opener_policy":{"value":"same-origin"},...}

Opting into cross-origin isolation allows the extension to use powerful APIs like SharedArrayBuffersin its cross-origin isolated contexts. However, it does also come with certain side-effects. SeeMaking your website "cross-origin isolated" using COOP and COEP formore information on this.

Caution: Even if an extension opts into cross-origin isolation, not all extension contexts will becross-origin isolated. For example, cross-origin isolation is not fully implementedfor service and shared workers currently. Similarly, a cross-origin isolated extension'sweb-accessible subframe on a regular web page is not considered cross-origin isolated currently.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2021-08-03 UTC.

Movatterモバイル変換

Cross-origin isolation Stay organized with collections Save and categorize content based on your preferences.

Cross-origin isolation