I ran the
sample code in the article in Chrome extension and it works.
Files in Chrome extensions like
https://localhost (not file://), it is a secure context.
Why does it need the "Cross-Origin-Opener-Policy" and "Cross-Origin-Embedder-Policy" HTTP headers? Because it is the
security requirements of SharedArrayBuffer.
As MDN's sample code, in my test (Chrome 108 stable), SharedArrayBuffer works in extensions without those two HTTP headers.
// in an extension page
const myWorker = new Worker('worker.js');
const buffer = new SharedArrayBuffer(16);
myWorker.postMessage(buffer);
In devtools' network panel, you can see those two http headers and above code works without throwing errors.
Furthermore, Chrome extension does support these two HTTP headers. You can add below contents in extension manifest.json.
// extension manifest.json
"cross_origin_embedder_policy": {
"value": "require-corp"
},
"cross_origin_opener_policy": {
"value": "same-origin"
},
After adding "cross_origin_embedder_policy" and "cross_origin_opener_policy" in manifest, you will see these two HTTP headers in devtools' network panel when you open an extension page.
In addition, Chrome supports WASM since Chrome 103.
// extension manifest.json
"content_security_policy": {
"extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
},
In summary, SQLite Wasm with SharedArrayBuffer works in Chrome extension.