WorkerGlobalScope: crossOriginIsolated property

Note: This feature is only available in Web Workers.

The crossOriginIsolated read-only property of the WorkerGlobalScope interface returns a boolean value that indicates whether the website is in a cross-origin isolation state. That state mitigates the risk of side-channel attacks and unlocks a few capabilities:

A website is in a cross-origin isolated state, when the response header Cross-Origin-Opener-Policy has the value same-origin and the Cross-Origin-Embedder-Policy header has the value require-corp or credentialless.

Value

A boolean value.

Examples

js
const myWorker = new Worker("worker.js");

if (self.crossOriginIsolated) {
  const buffer = new SharedArrayBuffer(16);
  myWorker.postMessage(buffer);
} else {
  const buffer = new ArrayBuffer(16);
  myWorker.postMessage(buffer);
}

Specifications

Specification
HTML Standard
# dom-crossoriginisolated-dev

Browser compatibility

BCD tables only load in the browser