Origin-keyed agent clusters allow developers to opt in to giving up certain cross-origin same-site access capabilities — namely synchronous scripting via document.domain, and postMessage()ing WebAssembly.Module instances. This gives the browser more flexibility in implementation technologies. In particular, in Chrome, we will use this as a hint to put the origin in its own process, subject to resource or platform limitations.

Motivation

Certain legacy features prevent us from aligning the process boundary with the origin boundary, meaning that sometimes origins share a process with other origins. Origin-keyed agent clusters allow developers to voluntarily give up these legacy features, in exchange for potentially getting their own process. Reasons why a site may want a separate process include performance isolation, allocation of large amounts of memory, and improved memory measurement.

Status in Chromium

Internals>Sandbox>SiteIsolation


Enabled by default (tracking bug) in:

  • Chrome for desktop release 88
  • Chrome for Android release 88

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Positive
  • No signal
  • Neutral
  • Positive

Comments

This feature was originally known as "origin isolation", but was renamed per the discussion in https://github.com/whatwg/html/issues/6192.

Search tags

origin-agent-cluster, origin, header

Last updated on 2021-03-02