欢迎 What's new in Chrome extensions Get help with Chrome extensions API reference Samples
欢迎 What's new in Chrome extensions Get help with Chrome extensions API reference Samples

Cross-origin embedder policy

Published on

Warning

The Chrome Web Store no longer accepts Manifest V2 extensions. Please use Manifest V3 when building new extensions. You will find a section on upgrading in the navigation tree at the left, including the Manifest V2 support timeline.

The cross_origin_embedder_policy manifest key lets the extension to specify a value for the Cross-Origin-Embedder-Policy (COEP) response header for requests to the extension's origin. This includes the extension's background context (service worker or background page), popup, options page, tabs that are open to an extension resource, etc.

Together with cross_origin_opener_policy, this key allows the extension to opt into cross-origin isolation.

Manifest declaration

This key was introduced in Chrome 93.

The cross_origin_embedder_policy manifest key takes an object. This object should only contain one property named value with a string value. Chrome uses this string as the value of the Cross-Origin-Embedder-Policy header when serving resources from the extension's origin. For example:

{
...
"cross_origin_embedder_policy": {
"value": "require-corp"
},
...
}

See the Cross-origin isolation overview for more information about this feature.

Updated on Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.