Window:crossOriginIsolated 属性

Window 接口的 crossOriginIsolated 只读属性返回一个指示网站是否处于跨源隔离状态的布尔值。该状态降低了旁路攻击的风险并解锁了一些功能:

当响应标头 Cross-Origin-Opener-Policy 的值为 same-originCross-Origin-Embedder-Policy 标头的值为 require-corpcredentialless 时,网站处于跨源隔离状态。

一个布尔值。

示例

js
const myWorker = new Worker("worker.js");

if (window.crossOriginIsolated) {
  const buffer = new SharedArrayBuffer(16);
  myWorker.postMessage(buffer);
} else {
  const buffer = new ArrayBuffer(16);
  myWorker.postMessage(buffer);
}

规范

Specification
HTML
# dom-crossoriginisolated-dev

浏览器兼容性

Report problems with this compatibility data on GitHub
desktopmobileserver
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
Deno
Node.js
crossOriginIsolated

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
No support
No support