Regressed: Setting document.domain doesn’t change the port, may cause permission errors

Categories: DOM, Privacy & Security

Description

It’s possible to set the document.domain property so that documents from different subdomains, usually a parent page and an <iframe> page, can talk to each other. When the origin is changed in this way, the port number of the document becomes null. In Firefox 48, however, the port number is not overwritten, so access between documents on different ports fails unless they set the same port number with document.domain. This regression, which causes “permission denied” errors due to a same-origin policy violation, has been fixed in Firefox 49.
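The following is an added illustration, not code from Firefox or from the original note: a simplified model of the origin comparison described above, showing why keeping the port breaks cross-port access. The function names, the `keepPort` option and the example.com URLs are hypothetical, and the model omits the public-suffix check that real browsers apply.

```javascript
// Simplified model of origin comparison after document.domain is set.
// All names and URLs here are constructed for illustration.

function makeOrigin(url) {
  const u = new URL(url);
  const defaults = { "http:": 80, "https:": 443 };
  // URL.port is "" when the scheme's default port is in use.
  const port = u.port === "" ? defaults[u.protocol] : Number(u.port);
  return { scheme: u.protocol, host: u.hostname, port };
}

// document.domain may only be set to the current host or a parent domain.
function isAllowedDomain(host, value) {
  return host === value || host.endsWith("." + value);
}

// keepPort: false models the behaviour the note describes as expected
// (port becomes null); keepPort: true models the Firefox 48 regression.
function setDocumentDomain(origin, value, { keepPort = false } = {}) {
  if (!isAllowedDomain(origin.host, value)) {
    throw new Error("SecurityError: " + value + " is not a suffix of " + origin.host);
  }
  return { scheme: origin.scheme, host: value, port: keepPort ? origin.port : null };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Both documents opt in by setting document.domain to the same value.
function canAccess(parentUrl, frameUrl, domain, opts) {
  const parent = setDocumentDomain(makeOrigin(parentUrl), domain, opts);
  const frame = setDocumentDomain(makeOrigin(frameUrl), domain, opts);
  return sameOrigin(parent, frame);
}

const parentUrl = "http://www.example.com:8080/";
const frameUrl = "http://app.example.com:9090/frame.html";
console.log("port nulled:", canAccess(parentUrl, frameUrl, "example.com"));
console.log("port kept:  ", canAccess(parentUrl, frameUrl, "example.com", { keepPort: true }));
```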
