The current mainstream release of Google’s browser – Chrome 100 – already throws up a warning about the soon-to-be deprecated facility that allows website developers to take advantage of document.domain to relax the same-origin policy. Read more of the latest news about browser security More specifically, starting from Chrome 106, websites will be unable to set ‘ document.domain’, a technique that allows same-site-but-cross-origin communications. Starting with the upcoming Chrome 106 release, Google’s web browser will close a loophole that went against best practices as well as, more importantly, posing a danger in hosted environments. Web developers who rely on a workaround that relaxed the same origin policy to allow subdomains to exchange content will soon need to take a different approach.
0 kommentar(er)
