Re: [w3ctag/design-reviews] Deprecating `document.domain`. (#564)

> Some data that may be useful: `document.domain` appears to be used in ~9.4% of pages in the HTTP Archive corpus ([source](https://docs.google.com/spreadsheets/d/1sMWXWjMujqfAREYxNbG_t1fOJKYCA6ASLwtz4pBQVTw/edit#gid=1936194362), filter by feature containing `DocumentDomain`), though it's [slowly declining](https://lighthouse-ci-staging-dot-cr-status.appspot.com/metrics/feature/timeline/popularity/2026).

Thanks for pointing this out! `document.domain` is indeed _very_ widely set, but it typically has no effect on a page's behavior. The [`DocumentDomainEnabledCrossOriginAccess`](https://lighthouse-ci-staging-dot-cr-status.appspot.com/metrics/feature/timeline/popularity/2544) and [`DocumentDomainBlockedCrossOriginAccess`](https://lighthouse-ci-staging-dot-cr-status.appspot.com/metrics/feature/timeline/popularity/2543) features count the pages upon which `document.domain` changed an access control check's result from what it would have been had the setter not been used. As the spreadsheet you've cited above notes, those cases are two orders of magnitude more rare in HTTP Archive, which aligns roughly with Chrome's telemetry.

I dug (though not to much depth...) into the latter set of cases to [form some initial impressions](https://github.com/mikewest/deprecating-document-domain/#do-we-know-anything-useful-about-the-04-usage-noted-above). It seems that there are a handful of entities that could end up being responsible for a substantial number of those pages, which makes me hopeful that change is possible.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/564#issuecomment-757440835