[Webkit-unassigned] [Bug 203764] New: Setting document.domain to "example.test" throws a SecurityError
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 1 14:48:19 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=203764
Bug ID: 203764
Summary: Setting document.domain to "example.test" throws a
SecurityError
Product: WebKit
Version: Safari 13
Hardware: Macintosh
OS: macOS 10.15
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: tszynalski at antimoon.com
Apologies if this bug report is addressed incorrectly -- I'm not sure if this is an Apple bug or a WebKit bug.
In Safari 13.0.3 (Catalina), you cannot set document.domain to a superdomain of a domain which ends in ".test". The console reports "SecurityError: Attempted to use a non-registrable domain."
A page on a.somedomain.org can set document.domain to "somedomain.org".
A page on a.somedomain.example can set document.domain to "somedomain.example".
A page on a.somedomain.test CANNOT set document.domain to "somedomain.test".
The .test TLD is reserved for development and testing purposes. This error makes it impossible to test my Web app, which shares components across subdomains, without first moving it to a new domain.
I believe this behavior is contrary to the HTML spec:
https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to
I'm sorry I cannot provide a repro page -- the error only appears on pages in the .test domain, which are not publicly accessible.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191101/00f2f6c5/attachment.htm>
More information about the webkit-unassigned
mailing list