Physical serving-domain isolation
Share URLs and content URLs run on different origins. Thanks to the browser's Same-Origin Policy, served HTML cannot read cookies or credentials from the main side.
- Share URLs on briefroom.net, content URLs on user-content.briefroom.net — separated at the origin level
- Served HTML is loaded in an iframe so Same-Origin Policy applies
- Public Suffix List registration filed. Cookies cannot be shared across share links by construction
- The rule "never serve user HTML from the main domain" is codified as an absolute design invariant
