Speaking of things that would be good to fix now, not years later, Chrome defaults to same-origin-domain checks unless you jump through some hoops, while Firefox and the spec default to same-origin checks. Chrome's behavior makes more things depend on document.domain. @mikewest
Replying to @mikewest
Filed https://bugs.chromium.org/p/chromium/issues/detail?id=1027191 … because I couldn't find an existing issue. The most recent case where this came up is https://github.com/whatwg/html/issues/3747 … Basically, need to audit the CanAccess uses.
Replying to @really_bz @mikewest
Another example: Chrome's implementation of https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors … (which you wrote at least the spec for!) doesn't match the spec because of this issue...
1:20 PM - 21 Nov 2019
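The two checks contrasted in the thread, modelled on the HTML Standard's "same origin" and "same origin-domain" comparisons for tuple origins. This is an added example, not part of the tweets and not Chrome or Firefox code; the hostnames are constructed and the helper names are hypothetical.

```javascript
// Added example. Origins are modelled as {scheme, host, port, domain};
// domain stays null until a document sets document.domain.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function makeOrigin(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
    domain: null,
  };
}

// Models only the effect of `document.domain = value`; setter validation omitted.
function withDomain(origin, value) {
  return { ...origin, domain: value };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

function sameOriginDomain(a, b) {
  if (a.domain !== null && b.domain !== null) {
    // Both opted in: compare scheme and domain only, the port is ignored.
    return a.scheme === b.scheme && a.domain === b.domain;
  }
  if (a.domain === null && b.domain === null) return sameOrigin(a, b);
  return false; // only one side set document.domain
}

// Returns the labels of the pairs on which the two checks disagree.
function divergentPairs(pairs) {
  return pairs
    .filter(([, a, b]) => sameOrigin(a, b) !== sameOriginDomain(a, b))
    .map(([label]) => label);
}

// Constructed sample documents (hypothetical hostnames).
const app = makeOrigin("https://app.example.com/");
const login = makeOrigin("https://login.example.com/");
const alt = makeOrigin("https://app.example.com:8443/");
const PAIRS = [
  ["siblings, both relaxed", withDomain(app, "example.com"), withDomain(login, "example.com")],
  ["same origin, one relaxed", withDomain(app, "app.example.com"), app],
  ["ports differ, both relaxed", withDomain(app, "example.com"), withDomain(alt, "example.com")],
  ["same origin, none relaxed", app, makeOrigin("https://app.example.com/other")],
  ["siblings, none relaxed", app, login],
];
console.log(divergentPairs(PAIRS));
```

The pairs it reports are the ones where a check's outcome depends on which comparison the implementation uses, in either direction: access granted across hosts or ports, or denied within one origin.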