julien51
commented
10 years ago Let's rather avoid conflicts using a SOP pattern. When the registration iframe is opened, we must check that the registered url matches the window.parent url's domain. If it does, then accept the subscription. If it does not, then, refuse it.
When 2 services register the same name, we should track and eventually blacklist any domain that's trying to hijack another service's name.