Hacker News
by discreditable 3068 days ago
> Should we not decide that cross-origin window.opener is now deprecated, show big fat warnings on the developer console when it's used, and remove it in a year or two?

That does nothing for deployed sites that aren't actively developed? Browser devs have decided those sites are worth not breaking.

1 comments

Browsers should show a warning that a "possibly insecure legacy mode" is in use.

If browsers enforce HTTPS in a similar way, I don't see why they shouldn't enforce better security elsewhere as well.