Comment

Comment on Firefox rolls out Total Cookie Protection by default to all desktop users worldwide | It is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created

monogram@feddit.nl ⁨2⁩ ⁨months⁩ ago

IIRC an iframe contents is treated as a separate window, so cookies aren’t shared either

Sort:hotnew top

Feyd@programming.dev ⁨2⁩ ⁨months⁩ ago
developer.mozilla.org/en-US/docs/…/postMessage

source
- monogram@feddit.nl ⁨2⁩ ⁨months⁩ ago
  That’s horrific WHY?
  
  do not add any event listeners for message events. This is a completely foolproof way to avoid security problems. 🤡🤡🤡🤡🤡🤡🤡🤡🤡🤡🤡
  
  source
Cosmicomical@lemmy.world ⁨2⁩ ⁨months⁩ ago
Sure, but the separate window can be on a different domain. Now you have a way to share cookies across multiple websites on different domains if all of them include an iframe to this external domain. And you can use in-browser messages (see window.postMessage()) to communicate between iframes and main window.

source
- monogram@feddit.nl ⁨2⁩ ⁨months⁩ ago
  Indeed see sibling comment programming.dev/comment/11983146
  
  source