WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -172,6 +172,8 @@ public suffix list: list of all eTLDs
registrable domain: subdomain exactly one level below an eTLD, such that the domain and all further sub-domains are registered to a single tenant
rendering processes: processes or other execution contexts, that handle the execution or rendering of website assets
site: logical security boundary defined by scheme and registrable domain
third-party cookies: cookies keyed to a site other than the top-level site
@@ -524,6 +526,8 @@ Applicability: Extensions installed via the product's extension distribution cha
**[REQ-STORE-ACC-2]** The product shall not share or make data available across browser profiles.
**[REQ-STORE-ACC-3]** The product shall enforce Same Origin Policy access control for storage data outside rendering processes.
**[REQ-SOP-AAC-1]**: The product shall deny access in one origin to all parts of another origin, except as defined in the user documentation.
Example: Web pages may load images from other origins, message using `window.postMessage` and may access limited properties such as `Location`. Web pages may not access the document object model or global Window scope from scripts of other origins. The user documentation references industry standards with implementation recommendations and additinal examples.
