Welcome What's new in Chrome extensions API reference Samples
Welcome What's new in Chrome extensions API reference Samples

Cross-origin isolation

Published on Updated on

Warning

You're viewing the deprecated Manifest V2 version of this article. See Manifest V3 - Cross-origin isolation for the MV3 equivalent.

The Chrome Web Store no longer accepts Manifest V2 extensions. Follow the Manifest V3 Migration guide to convert your extension to Manifest V3.

Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. An extension can opt into cross-origin isolation by specifying the appropriate values for the cross_origin_embedder_policy and cross_origin_opener_policy manifest keys. For example, a manifest like the one below will opt the extension's origin into cross-origin isolation.

{
"name": "CrossOriginIsolation example",
"manifest_version": 2,
"version": "1.1",
"cross_origin_embedder_policy": {
"value": "require-corp"
},
"cross_origin_opener_policy": {
"value": "same-origin"
},
...
}

Opting into cross-origin isolation allows the extension to use powerful APIs like SharedArrayBuffers in its cross-origin isolated contexts. However, it does also come with certain side-effects. See Making your website "cross-origin isolated" using COOP and COEP for more information on this.

Caution

Even if an extension opts into cross-origin isolation, not all extension contexts will be cross-origin isolated. For example, cross-origin isolation is not fully implemented) for service and shared workers currently. Similarly, a cross-origin isolated extension's web-accessible subframe on a regular web page is not considered cross-origin isolated currently.

Updated on Improve article

This site uses cookies to deliver and enhance the quality of its services and to analyze traffic. If you agree, cookies are also used to serve advertising and to personalize the content and advertisements that you see. Learn more about our use of cookies.