cross-origin isolation

1. Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters. 2. Introduce cross-origin isolated permission ( 3. Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission.

1. allows origin isolation (instead of site isolation) for cross-origin isolated agent clusters. This is an incremental step of a long-term security improvement (see 2. allows web developers to control whether child frames can use powerful APIs such as SharedArrayBuffer and the memory measurement API. 3. allows web developers to see if they can use the powerful APIs.



Editor's draft

Status in Chromium


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • No public signals
  • No public signals
  • No signals


Last updated on 2020-06-16