非同源标签页之间的跨域通讯

[itorr]

这明明是个老生常谈的常见需求，但是在 Google 的页面上实现时遇到了诸多问题

在 https://origin.com 使用 window.open() 打开 https://www.google.com/maps 之后，无法在 https://www.google.com/maps 获取到 window.opener

原因是 打开的页面 header 中 设置了 cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"

If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy

这导致我没法传递信息进来，甚至也没法 postMessage 进来

content-security-policy-report-only

https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

Header
content-security-policy-report-only:
object-src 'none';base-uri 'self';script-src 'nonce-gc8ZiCkj5aD2T-qhqYX1fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/maps-tactile

[itorr]

https://juejin.cn/post/6844903997698998285

使用 用户脚本 的

GM_setValue GM_addValueChangeListener 实现跨标签页通讯