According to my notes: "A document can always update the location of another document if they have some relationship. Typical relationships include one document opened by the other via the window.open DOM API". I tried to test it by doing the following:
- Opened firefox and pointed it to https://www.google.com.
- On that tab, I opened the console tab and typed:
window.open("https://www.nzpost.co.nz". - I then switched tabs to the google tab and typed the following:
window.opener.location="https://www.bing.com".
This produced the following error:
Uncaught TypeError: window.opener is null <anonymous> debugger eval code:1
To my understanding, the nzpost tab should be able to access the location of the google tab. Am I wrong in my understanding of SOP or is this a browser specific security feature. I've also tested on edge with the same result.