Welcome What's new in Chrome extensions Getting started API Reference Samples
Welcome What's new in Chrome extensions Getting started API Reference Samples

Cross-origin isolation

Published on

Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. An extension can opt into cross-origin isolation by specifying the appropriate values for the cross_origin_embedder_policy and cross_origin_opener_policy manifest keys. For example, a manifest like the one below will opt the extension's origin into cross-origin isolation.

{
"name": "CrossOriginIsolation example",
"manifest_version": 3,
"version": "1.1",
"cross_origin_embedder_policy": {
"value": "require-corp"
},
"cross_origin_opener_policy": {
"value": "same-origin"
},
....
}

Opting into cross-origin isolation allows the extension to use powerful APIs like SharedArrayBuffers in its cross-origin isolated contexts. However, it does also come with certain side-effects. See Making your website "cross-origin isolated" using COOP and COEP for more information on this.

Caution

Even if an extension opts into cross-origin isolation, not all extension contexts will be cross-origin isolated. For example, cross-origin isolation is not fully implemented) for service and shared workers currently. Similarly, a cross-origin isolated extension's web-accessible subframe on a regular web page is not considered cross-origin isolated currently.

Last updated: Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.