Home
Docs
Blog
Articles
Home
Docs
Blog
Articles
扩展程序
欢迎 What's new in Chrome extensions Get help with Chrome extensions
欢迎 Extensions 101 Development basics Run scripts on every page Inject scripts into the active tab Manage tabs
欢迎了解 Manifest V3 扩展程序平台愿景 Overview of Manifest V3
What are themes? 常见问题 Extensions quality guidelines FAQ
Migrate to Manifest V3 Manifest V3 migration checklist Update the manifest Migrate to a service worker Update your code Replace blocking web request listeners Improve extension security Manifest V2 支持时间线 Known issues when migrating to Manifest V3
API reference Samples
Extension development overview Manifest file format 架构概述 Declare permissions Design the user interface Debugging extensions 示例
Message passing Content scripts Manage events with service workers Match patterns Using promises 跨域隔离
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools Fetching favicons OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API Native messaging
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
托管扩展程序 Alternative extension installation methods Installing extensions on Linux Tutorial: Google analytics
About Manifest V2 Getting started
What are extensions? What are themes? Frequently asked questions
Extension development overview Manifest file format Architecture overview Declare permissions Design the user interface Debugging extensions Samples
Message passing Content scripts Manage events with background scripts Match patterns Cross-origin isolation
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
Chrome Web Store Alternative extension distribution options Installing extensions on Linux Tutorial: Google analytics
扩展程序
欢迎 What's new in Chrome extensions Get help with Chrome extensions
欢迎 Extensions 101 Development basics Run scripts on every page Inject scripts into the active tab Manage tabs
欢迎了解 Manifest V3 扩展程序平台愿景 Overview of Manifest V3
What are themes? 常见问题 Extensions quality guidelines FAQ
Migrate to Manifest V3 Manifest V3 migration checklist Update the manifest Migrate to a service worker Update your code Replace blocking web request listeners Improve extension security Manifest V2 支持时间线 Known issues when migrating to Manifest V3
API reference Samples
Extension development overview Manifest file format 架构概述 Declare permissions Design the user interface Debugging extensions 示例
Message passing Content scripts Manage events with service workers Match patterns Using promises 跨域隔离
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools Fetching favicons OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API Native messaging
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
托管扩展程序 Alternative extension installation methods Installing extensions on Linux Tutorial: Google analytics
About Manifest V2 Getting started
What are extensions? What are themes? Frequently asked questions
Extension development overview Manifest file format Architecture overview Declare permissions Design the user interface Debugging extensions Samples
Message passing Content scripts Manage events with background scripts Match patterns Cross-origin isolation
Cross-origin XMLHttpRequest Using eval in Chrome extensions
Overriding Chrome settings Extending DevTools OAuth2: Authenticate users with Google Overriding Chrome pages Rich notifications API
Protect user privacy Declare permissions and warn users Stay secure Accessibility (a11y) Localization message formats Give users options
Chrome Web Store Alternative extension distribution options Installing extensions on Linux Tutorial: Google analytics

Cross-origin embedder policy

Published on

Warning

The Chrome Web Store no longer accepts Manifest V2 extensions. Please use Manifest V3 when building new extensions. You will find a section on upgrading in the navigation tree at the left, including the Manifest V2 support timeline.

The cross_origin_embedder_policy manifest key lets the extension to specify a value for the Cross-Origin-Embedder-Policy (COEP) response header for requests to the extension's origin. This includes the extension's background context (service worker or background page), popup, options page, tabs that are open to an extension resource, etc.

Together with cross_origin_opener_policy, this key allows the extension to opt into cross-origin isolation.

Manifest declaration

This key was introduced in Chrome 93.

The cross_origin_embedder_policy manifest key takes an object. This object should only contain one property named value with a string value. Chrome uses this string as the value of the Cross-Origin-Embedder-Policy header when serving resources from the extension's origin. For example:

{
    ...
    "cross_origin_embedder_policy": {
      "value": "require-corp"
    },
    ...
}

See the Cross-origin isolation overview for more information about this feature.

Updated on Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More details