From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: qua3k <cliffmaceyak@gmail.com>
Date: Thu, 21 Oct 2021 00:00:00 +0000
Subject: [PATCH] Enable strict origin isolation by default

Upstream is in the process of enabling origin isolation by default
in the process of deprecating `document.domain`. An insignificant
number of Chrome page loads use `document.domain`.

See https://crbug.com/1259920 and
https://chromestatus.com/metrics/feature/timeline/popularity/2544
for more detail.
---
 content/public/common/content_features.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
index 2dd328bff1f9c..76a15e470a170 100644
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -1264,7 +1264,7 @@ BASE_FEATURE(kStopVideoCaptureOnScreenLock,
 // eTLD+1.
 BASE_FEATURE(kStrictOriginIsolation,
              "StrictOriginIsolation",
-             base::FEATURE_DISABLED_BY_DEFAULT);
+             base::FEATURE_ENABLED_BY_DEFAULT);
 
 // Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
 // is not same origin with the main frame.