Cross-origin embedder policy
You're viewing the deprecated Manifest V2 version of this article. See Manifest V3 - Manifest Cross-origin embedder policy for the MV3 equivalent.
The Chrome Web Store no longer accepts Manifest V2 extensions. Follow the Manifest V3 Migration guide to convert your extension to Manifest V3.
The cross_origin_embedder_policy
manifest key lets the extension to specify a value for the Cross-Origin-Embedder-Policy (COEP) response header for requests to the extension's origin. This includes the extension's background context (service worker or background page), popup, options page, tabs that are open to an extension resource, etc.
Together with cross_origin_opener_policy, this key allows the extension to opt into cross-origin isolation.
Manifest declaration
This key was introduced in Chrome 93.
The cross_origin_embedder_policy
manifest key takes an object. This object should only contain one property named value
with a string value. Chrome uses this string as the value of the Cross-Origin-Embedder-Policy
header when serving resources from the extension's origin. For example:
{
...
"cross_origin_embedder_policy": {
"value": "require-corp"
},
...
}
See the Cross-origin isolation overview for more information about this feature.