Aaronius / penpal

A promise-based library for securely communicating with iframes via postMessage.
MIT License

Make parentOrigin on connectToParent required #75

Open Aaronius opened 2 years ago

Aaronius commented 2 years ago

Currently the parentOrigin option on connectToParent is optional but highly recommended. If it isn't specified, the child is allowed to communicate with any parent origin (rather than a specific parent origin). Instead, I think it should be required, and if a developer would like the child to communicate with any parent origin, they should provide a value of *. This change would force developers to consider the ramifications for their applications and make a more deliberate decision.
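
The following sketch is an added illustration of the behaviour proposed in this issue; it is not part of the original issue and is not Penpal's code. The function names, the returned object shape and the sample events are hypothetical, and the events are constructed stand-ins for browser `MessageEvent` objects.

```javascript
// Added illustration; not Penpal's implementation. All names are hypothetical.

// Normalize a configured origin so "https://parent.example:443/" compares
// equal to the "https://parent.example" that event.origin would report.
function normalizeOrigin(value) {
  const origin = new URL(value).origin; // throws TypeError on a non-URL string
  if (origin === "null") {
    throw new TypeError(`parentOrigin has an opaque origin: ${value}`);
  }
  return origin;
}

// Build the check a child would apply to every incoming message event.
function createParentOriginCheck(options = {}) {
  const { parentOrigin } = options;
  if (typeof parentOrigin !== "string" || parentOrigin === "") {
    // The proposal: no silent "any origin" default.
    throw new TypeError('parentOrigin is required; pass "*" to allow any parent origin');
  }
  if (parentOrigin === "*") {
    // Explicit, deliberate opt-in to any parent origin.
    return { targetOrigin: "*", accepts: () => true };
  }
  const expected = normalizeOrigin(parentOrigin);
  return {
    targetOrigin: expected, // the same value restricts outgoing postMessage calls
    accepts: (event) => event.origin === expected, // exact match, no prefix or substring tests
  };
}

// Constructed sample events.
const fromParent = { origin: "https://parent.example", data: { type: "hello" } };
const fromOther = { origin: "https://other.example", data: { type: "hello" } };

const strict = createParentOriginCheck({ parentOrigin: "https://parent.example:443/" });
console.log(strict.accepts(fromParent), strict.accepts(fromOther)); // true false

const anyParent = createParentOriginCheck({ parentOrigin: "*" });
console.log(anyParent.accepts(fromOther)); // true
```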