Check if any code changes needed to support Cross-Origin Opener Policy (COOP)

[sosnovsky]

https://workspaceupdates.googleblog.com/2025/10/protecting-gmail-users-from-xs-search.html

In January 2026 Gmail will enforce Cross-Origin Opener Policy (COOP) on Gmail pages:

Who’s impacted
Websites or browser extensions that open Gmail in a pop-up window and interact with that window by accessing its properties (closed, location, length, focus) or invoking its functions (close, postMessage). Also, browser extensions that are injected into Gmail page and access the opener handle which is a reference to the window that opened the current Gmail page.

Need to check if FlowCrypt browser extension requires any code updates to support COOP.

[ioanatflowcrypt]

Checked the code - I think we're good, no changes needed.

FlowCrypt doesn't do any of the things COOP will block:

• We don't open Gmail in popups
• OAuth login uses Chrome extension APIs (not affected by COOP)
• No accessing window.opener or other window properties

The extension already works the COOP-friendly way, so we may close this.

[sosnovsky]

Got it, thanks for checking!