Cross-origin opener policy

The cross_origin_opener_policy manifest key lets extensions specify a value for the Cross-Origin-Opener-Policy (COOP) response header for requests to the extension's origin. This includes the extension's service worker, popup, options page, tabs that are open to an extension resource, etc.

Together with cross_origin_embedder_policy, this key allows extensions opt into cross-origin isolation.

Manifest declaration

The cross_origin_opener_policy manifest key contains an object with one property named value that takes a string. Chrome uses this string as the value of the Cross-Origin-Opener-Policy header when serving resources from the extension's origin. For example:

{
    ...
    "cross_origin_opener_policy": {
      "value": "same-origin"
    },
    ...
}

See Cross-origin isolation overview for more information about this feature.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2021-08-03 UTC.