diff --git a/files/en-us/_redirects.txt b/files/en-us/_redirects.txt index b1764f061225121..373a4afa057661e 100644 --- a/files/en-us/_redirects.txt +++ b/files/en-us/_redirects.txt @@ -13430,7 +13430,7 @@ /en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/autoplay /en-US/docs/Web/HTTP/Headers/Feature-Policy/camera /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/camera /en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/display-capture -/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/document-domain +/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy /en-US/docs/Web/HTTP/Headers/Feature-Policy/encrypted-media /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/encrypted-media /en-US/docs/Web/HTTP/Headers/Feature-Policy/fullscreen /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/fullscreen /en-US/docs/Web/HTTP/Headers/Feature-Policy/gamepad /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/gamepad 
@@ -13487,7 +13487,7 @@ /en-US/docs/Web/HTTP/Headers/Permissions-Policy/compute-pressure /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/compute-pressure /en-US/docs/Web/HTTP/Headers/Permissions-Policy/cross-origin-isolated /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/cross-origin-isolated /en-US/docs/Web/HTTP/Headers/Permissions-Policy/display-capture /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/display-capture -/en-US/docs/Web/HTTP/Headers/Permissions-Policy/document-domain /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/document-domain +/en-US/docs/Web/HTTP/Headers/Permissions-Policy/document-domain /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy /en-US/docs/Web/HTTP/Headers/Permissions-Policy/encrypted-media /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/encrypted-media /en-US/docs/Web/HTTP/Headers/Permissions-Policy/fullscreen /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/fullscreen /en-US/docs/Web/HTTP/Headers/Permissions-Policy/gamepad /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/gamepad @@ -13630,6 +13630,7 @@ /en-US/docs/Web/HTTP/Public_Key_Pinning /en-US/docs/Web/Security/Certificate_Transparency /en-US/docs/Web/HTTP/Range_requests /en-US/docs/Web/HTTP/Guides/Range_requests /en-US/docs/Web/HTTP/Redirections /en-US/docs/Web/HTTP/Guides/Redirections +/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/document-domain /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy /en-US/docs/Web/HTTP/Resources_and_URIs /en-US/docs/Web/HTTP/Guides/MIME_types /en-US/docs/Web/HTTP/Resources_and_specifications /en-US/docs/Web/HTTP/Reference/Resources_and_specifications /en-US/docs/Web/HTTP/Response_codes /en-US/docs/Web/HTTP/Reference/Status diff --git a/files/en-us/_wikihistory.json b/files/en-us/_wikihistory.json index c6417eaced180dc..bbd15c3f6dd6c33 100644 --- a/files/en-us/_wikihistory.json +++ b/files/en-us/_wikihistory.json 
@@ -98922,10 +98922,6 @@ "modified": "2020-10-15T22:18:20.836Z", "contributors": ["sideshowbarker", "bershanskiy", "Sheppy"] }, - "Web/HTTP/Reference/Headers/Permissions-Policy/document-domain": { - "modified": "2020-10-15T22:11:41.981Z", - "contributors": ["bershanskiy", "chrisdavidmills", "sideshowbarker"] - }, "Web/HTTP/Reference/Headers/Permissions-Policy/encrypted-media": { "modified": "2020-10-15T22:10:28.002Z", "contributors": ["mfuji09", "bershanskiy", "fscholz"] diff --git a/files/en-us/web/api/document/domain/index.md b/files/en-us/web/api/document/domain/index.md index 58ec4aaaa5854ca..8500dcfe0bc7211 100644 --- a/files/en-us/web/api/document/domain/index.md +++ b/files/en-us/web/api/document/domain/index.md @@ -21,7 +21,7 @@ A string. ### Exceptions - `SecurityError` {{domxref("DOMException")}} - - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Guides/Permissions_Policy). + - : The document is forbidden from setting its domain, for example it is sandboxed or has an opaque origin. See [Failures section](#failures) for details. ## Examples @@ -118,8 +118,6 @@ blanket exposure of all data caused by `document.domain`. The setter will throw a `SecurityError` {{domxref("DOMException")}} in several cases: -- The {{httpheader('Permissions-Policy/document-domain','document-domain')}} - {{HTTPHeader("Permissions-Policy")}} is disabled. - The document is inside a sandboxed {{htmlelement("iframe")}}. - The document has no {{glossary("browsing context")}}. - The document's [effective domain](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-effective-domain) is `null`. diff --git a/files/en-us/web/http/reference/headers/permissions-policy/document-domain/index.md b/files/en-us/web/http/reference/headers/permissions-policy/document-domain/index.md deleted file mode 100644 index f7b2aae165e5c9c..000000000000000 --- a/files/en-us/web/http/reference/headers/permissions-policy/document-domain/index.md +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -title: "Permissions-Policy: document-domain" -slug: Web/HTTP/Reference/Headers/Permissions-Policy/document-domain -page-type: http-permissions-policy-directive -status: - - experimental -browser-compat: http.headers.Permissions-Policy.document-domain ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Permissions-Policy")}} header -`document-domain` directive controls whether the current document is -allowed to set {{domxref("document.domain")}}. - -Specifically, where a defined policy blocks use of this feature, attempting -to set {{domxref("document.domain")}} will fail and cause a `SecurityError` -{{domxref("DOMException")}} to be thrown. - -## Syntax - -```http -Permissions-Policy: document-domain=; -``` - -- `` - - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy#syntax) for more details. - -## Default policy - -The default allowlist for `document-domain` is `*`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Permissions-Policy")}} header -- [Permissions Policy](/en-US/docs/Web/HTTP/Guides/Permissions_Policy) diff --git a/files/en-us/web/security/same-origin_policy/index.md b/files/en-us/web/security/same-origin_policy/index.md index 2306a6d81010069..2f4c3162103024a 100644 --- a/files/en-us/web/security/same-origin_policy/index.md +++ b/files/en-us/web/security/same-origin_policy/index.md 
@@ -55,7 +55,7 @@ Afterward, the page can pass the same-origin check with `http://company.com/dir/ The port number is checked separately by the browser. Any call to `document.domain`, including `document.domain = document.domain`, causes the port number to be overwritten with `null`. Therefore, one **cannot** make `company.com:8080` talk to `company.com` by only setting `document.domain = "company.com"` in the first. It has to be set in both so their port numbers are both `null`. -The mechanism has some limitations. For example, it will throw a `SecurityError` [`DOMException`](/en-US/docs/Web/API/DOMException) if the [`document-domain`](/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/document-domain) [`Permissions-Policy`](/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy) is enabled or the document is in a sandboxed [`
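Review bot: In `files/en-us/web/api/document/domain/index.md`, hunk `@@ -21,7 +21,7 @@`, the new `SecurityError` description has two wording problems. "for example it is sandboxed" is missing "if", and "See [Failures section](#failures) for details" reads better as "See the [Failures](#failures) section for details". The heading that the `#failures` anchor targets is not in the diff context of either hunk in this file, so please confirm the fragment matches the heading above "The setter will throw a `SecurityError` ... in several cases", otherwise the link silently goes to the top of the page.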
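Review bot: In `files/en-us/_redirects.txt`, all three `document-domain` entries (the `Feature-Policy/document-domain` line, the `Headers/Permissions-Policy/document-domain` line and the new `Reference/Headers/Permissions-Policy/document-domain` line) now land on the generic `/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy` page, where a reader following an old link gets no indication of what happened to the directive. Consider targeting the `document.domain` API page instead, since this patch keeps that page and it lists the remaining cases in which the setter throws. If the header page stays as the target, check that its directive list no longer links to `document-domain`, because that link would now redirect back to the page it sits on.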
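Review bot: The deletion of `files/en-us/web/http/reference/headers/permissions-policy/document-domain/index.md` (hunk `@@ -1,44 +0,0 @@`) removes the only page that uses `browser-compat: http.headers.Permissions-Policy.document-domain` and the only target of the `{{httpheader('Permissions-Policy/document-domain','document-domain')}}` macro, but the visible hunks only clean up the references in `document/domain/index.md` and `same-origin_policy/index.md`. Please search the tree for other uses of that slug or macro call before merging, and state in the commit message why the directive page is being removed, since the deleted text describes the directive as `experimental` with a default allowlist of `*` and nothing in the patch tells a reader whether it was dropped from the specification or from browsers.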