Mark S. Miller wrote:
>
>
>     http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html
>
> So regarding this issue, what does it say?

You want me to read and interpret and digest it for ya? :-P

Changing document.domain changes effective script origin, which affects 
some but not all security judgments. Basically the old-school ones that 
predate CORS; also images/media/fonts are not affected. But web compat 
still requires content in connected windows w1 and w2, loaded from 
foo.bar.com and baz.bar.com respectively, to be able to join origins at 
bar.com.

/be

You want me to read and interpret and digest it for ya? :-P

Changing document.domain changes effective script origin, which affects 
some but not all security judgments. Basically the old-school ones that 
predate CORS; also images/media/fonts are not affected. But web compat 
still requires content in connected windows w1 and w2, loaded from 
foo.bar.com and baz.bar.com respectively, to be able to join origins at 
bar.com.