Enable opaque origins for data URLs in Web Workers
Supported on: Microsoft Windows 7 or later
Registry
Software\Policies\Google\Chrome Software\Policies\Google\Chrome Value name: DataUrlInWebWorkerOpaqueOriginEnabled
Enabled: DataUrlInWebWorkerOpaqueOriginEnabled = 1
Disabled: DataUrlInWebWorkerOpaqueOriginEnabled = 0
Description
Controls whether Web Workers created from data URLs are assigned a unique opaque origin. Web Workers can be created using a data URL containing the worker's script. Previously, these workers inherited the origin of the page that created them, allowing them to access the same local storage, cookies, and other origin-bound data. To improve security and align with the HTML specification, Chrome is changing its default behavior in milestone 149 so that workers created from data URLs will now have a unique, opaque origin. This isolates them from the creator page's data. If this policy is set to Enabled or left unset, the new default (more secure) behavior is used, and Web Workers created from data URLs will have a unique opaque origin. If this policy is set to Disabled, Chrome reverts to the legacy behavior, and Web Workers created from data URLs will inherit the origin of their creator. This allows administrators to temporarily resolve compatibility issues if internal applications break due to the security change. This policy is intended to be temporary and will be removed in milestone 157.