Cross-origin isolation
The Chrome Web Store no longer accepts Manifest V2 extensions. Please use Manifest V3 when building new extensions. You will find a section on upgrading in the navigation tree at the left, including the Manifest V2 support timeline.
Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer
. An extension can opt into cross-origin isolation by specifying the appropriate values for the cross_origin_embedder_policy
and cross_origin_opener_policy
manifest keys. For example, a manifest like the one below will opt the extension's origin into cross-origin isolation.
{
"name": "CrossOriginIsolation example",
"manifest_version": 2,
"version": "1.1",
"cross_origin_embedder_policy": {
"value": "require-corp"
},
"cross_origin_opener_policy": {
"value": "same-origin"
},
...
}
Opting into cross-origin isolation allows the extension to use powerful APIs like SharedArrayBuffers in its cross-origin isolated contexts. However, it does also come with certain side-effects. See Making your website "cross-origin isolated" using COOP and COEP for more information on this.
Even if an extension opts into cross-origin isolation, not all extension contexts will be cross-origin isolated. For example, cross-origin isolation is not fully implemented) for service and shared workers currently. Similarly, a cross-origin isolated extension's web-accessible subframe on a regular web page is not considered cross-origin isolated currently.