欢迎 What's new in Chrome extensions Get help with Chrome extensions API reference Samples
欢迎 What's new in Chrome extensions Get help with Chrome extensions API reference Samples

Cross-origin isolation

Published on Updated on

Warning

The Chrome Web Store no longer accepts Manifest V2 extensions. Please use Manifest V3 when building new extensions. You will find a section on upgrading in the navigation tree at the left, including the Manifest V2 support timeline.

Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. An extension can opt into cross-origin isolation by specifying the appropriate values for the cross_origin_embedder_policy and cross_origin_opener_policy manifest keys. For example, a manifest like the one below will opt the extension's origin into cross-origin isolation.

{
"name": "CrossOriginIsolation example",
"manifest_version": 2,
"version": "1.1",
"cross_origin_embedder_policy": {
"value": "require-corp"
},
"cross_origin_opener_policy": {
"value": "same-origin"
},
...
}

Opting into cross-origin isolation allows the extension to use powerful APIs like SharedArrayBuffers in its cross-origin isolated contexts. However, it does also come with certain side-effects. See Making your website "cross-origin isolated" using COOP and COEP for more information on this.

Caution

Even if an extension opts into cross-origin isolation, not all extension contexts will be cross-origin isolated. For example, cross-origin isolation is not fully implemented) for service and shared workers currently. Similarly, a cross-origin isolated extension's web-accessible subframe on a regular web page is not considered cross-origin isolated currently.

Updated on Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.