LeOSium_webview/mulch/patches/0001-Vanadium/0080-Enable-strict-origin-i...

30 lines
1.2 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: qua3k <cliffmaceyak@gmail.com>
Date: Thu, 21 Oct 2021 00:00:00 +0000
Subject: [PATCH] Enable strict origin isolation by default
Upstream is in the process of enabling origin isolation by default
in the process of deprecating `document.domain`. An insignificant
number of Chrome page loads use `document.domain`.
See https://crbug.com/1259920 and
https://chromestatus.com/metrics/feature/timeline/popularity/2544
for more detail.
---
content/public/common/content_features.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
index c1267dbcbb907..03706eb656b30 100644
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -1009,7 +1009,7 @@ BASE_FEATURE(kSpareRendererForSitePerProcess,
// eTLD+1.
BASE_FEATURE(kStrictOriginIsolation,
"StrictOriginIsolation",
- base::FEATURE_DISABLED_BY_DEFAULT);
+ base::FEATURE_ENABLED_BY_DEFAULT);
// Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
// is not same origin with the main frame.