Bug 256241

Summary: setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin
Product: WebKit Reporter: Marcos Caceres <marcosc>
Component: WebKit Misc.Assignee: Marcos Caceres <marcosc>
Status: NEW ---    
Severity: Normal CC: ahmad.saleem792, webkit-bug-importer
Priority: P2 Keywords: InRadar, WPTImpact
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
URL: https://wpt.live/badging/setAppBadge_cross_origin.sub.https.html

Description Marcos Caceres 2023-05-02 18:52:16 PDT 
As per spec, setAppBadge() should reject with SecurityError if child iframe is not same origin-domain as top-origin.

Updated spec change:
https://github.com/w3c/badging/pull/107

Relevant test: 
LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.html
Comment 1 Marcos Caceres 2023-05-02 18:53:29 PDT 
<rdar://problem/107109904>
Comment 2 Marcos Caceres 2023-05-02 18:55:21 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/13389