Hello webkit-dev, I'd like to get your position on assigning documents to origin-keyed agent clusters by default. This would effectively deprecate document.domain setting, and make it available only as an opt-in feature.
Explainer: https://github.com/mikewest/deprecating-document-domain Details: We'd like to change the treatment of Origin-Agent-Cluster <https://html.spec.whatwg.org/multipage/origin.html#origin-isolation> so that the default - an absent or malformed header - would be treated as enabling origin-keyed agent clusters. This would turn the Origin-Agent-Cluster:-header from an opt-in into an opt-out feature. As a consequence, browsers could origin-isolate more pages. The developer-visible consequence is that modifying document.domain in order to relax same-origin restrictions, which is already deprecated <https://html.spec.whatwg.org/#relaxing-the-same-origin-restriction>, will turn into an opt-in feature that must be explicitly requested. Further info: TAG discussion on the subject: https://github.com/w3ctag/design-reviews/issues/564 Explainer: https://github.com/mikewest/deprecating-document-domain HTML Spec on Origin-Agent-Cluster: https://html.spec.whatwg.org/multipage/origin.html#origin-isolation HTML Spec on document.domain: https://html.spec.whatwg.org/#relaxing-the-same-origin-restriction
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
