What rights are granted to the application's origin beyond what an ordinary website has in a browser? Obviously you want to grant some additional rights, but I'd prefer to grant it only the minimum necessary for my application.
Are third party origins granted special rights beyond what an ordinary website has in a browser? Embedding or redirecting to untrusted websites should be safe. Is it possible to block loading external content except from whitelisted origins?
What rights are granted to the application's origin beyond what an ordinary website has in a browser? Obviously you want to grant some additional rights, but I'd prefer to grant it only the minimum necessary for my application.
Are third party origins granted special rights beyond what an ordinary website has in a browser? Embedding or redirecting to untrusted websites should be safe. Is it possible to block loading external content except from whitelisted origins?