Remove the "document-domain" permissions policy

This policy-controlled feature would cause document.domain assignment to be aborted with a "SecurityException" DOMException. It was only ever implemented in Chromium, and was never enabled by default; Chromium is now removing it.
noamr · Jan 17, 2023 · 6ed89e8 · 6ed89e8
1 parent 4fadf1d
commit 6ed89e8
Showing 1 changed file with 3 additions and 10 deletions.
diff --git a/source b/source
@@ -4607,9 +4607,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     data-x="">cross-origin-isolated</code></dfn>", which has a <span
     data-x="concept-default-allowlist">default allowlist</span> of <code
     data-x="">'self'</code>.</li>
-    <li>"<dfn data-x="document-domain-feature"><code data-x="">document-domain</code></dfn>", which
-    has a <span data-x="concept-default-allowlist">default allowlist</span> of <code
-    data-x="">*</code>.</li>
   </ul>
 
 
@@ -81237,9 +81234,8 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
     of a domain to synchronously access each other's DOMs.</p>
 
     <p>In sandboxed <code>iframe</code>s, <code>Document</code>s with <span
-    data-x="concept-origin-opaque">opaque origins</span>, <code>Document</code>s without a <span
-    data-x="concept-document-bc">browsing context</span>, and when the "<code
-    data-x="document-domain-feature">document-domain</code>" feature is disabled, the setter will
+    data-x="concept-origin-opaque">opaque origins</span>, and <code>Document</code>s without a <span
+    data-x="concept-document-bc">browsing context</span>, the setter will
     throw a <span>"<code>SecurityError</code>"</span> exception. In cases where <code
     data-x="dom-crossOriginIsolated">crossOriginIsolated</code> or <code
     data-x="dom-originAgentCluster">originAgentCluster</code> return true, the setter will do
@@ -81289,10 +81285,6 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
    <code data-x="dom-document-domain">document.domain</code> browsing context flag</span> set, then
    throw a <span>"<code>SecurityError</code>"</span> <code>DOMException</code>.</p></li>
 
-   <li><p>If <span>this</span> is not <span>allowed to use</span> the "<code
-   data-x="document-domain-feature">document-domain</code>" feature, then throw a
-   <span>"<code>SecurityError</code>"</span> <code>DOMException</code>.</p></li>
-
    <li><p>Let <var>effectiveDomain</var> be <span>this</span>'s <span
    data-x="concept-document-origin">origin</span>'s <span
    data-x="concept-origin-effective-domain">effective domain</span>.
@@ -131883,6 +131875,7 @@ INSERT INTERFACES HERE
   Daniel Steinberg,
   Daniel Tan,
   Daniel Trebbien,
+  Daniel Vogelheim,
   Danny Sullivan,
   Daphne Preston-Kendal,
   Darien Maillet Valentine,