NIAP: View Technical Decision Details
NIAP/CCEVS
TD0737:  Modification of test 2 to comply with same origin policy in RFC 6454

Publication Date
2023.04.26

Protection Profiles
PP_APP_WEBBROWSER_EP_v2.0

Other References
FDP_SOP_EXT.1

Issue Description

The SFR FDP_SOP_EXT.1.1 indicates the browser shall only permit scripts contained in one web page to access data in a second web page if both pages are from the same origin. However, Test 2 states that "the evaluator shall verify that the scripts can retrieve content from another window/tab at a different subdomain."

This test does not comply with the same origin policy (per RFC 6454) and should not allow the scripts to retrieve content from another window/tab at a different subdomain.  

Resolution

Test 2 for FDP_SOP_EXT.1 in PP_APP_WEBBROWSER_EP_v2.0 is updated as follows (additions were underlined in the original; underlining is not preserved in this text rendering):

  • Test 2: The evaluator shall verify that the scripts cannot retrieve content from another window/tab at a different subdomain.

Justification

The issue is that Test 2 incorrectly states that an evaluator shall verify that the scripts can retrieve content from another window/tab at a different subdomain.

This does not comply with the same-origin policy as defined in RFC 6454.
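The following is an added illustration, not part of the NIAP technical decision or the Protection Profile: it computes the RFC 6454 origin triple (scheme, host, port) for a URL and compares two URLs the way a browser's same-origin check does, showing why two subdomains of one site are distinct origins, which is the basis for the corrected Test 2. The helper names (originTuple, sameOrigin, originMismatch) and the example.com URLs are constructed for this example.

```javascript
// Added example (not from the NIAP TD): RFC 6454 origin comparison.
// An origin is the triple (scheme, host, port); two origins are the same
// only when all three components match exactly after normalization.

// Default ports per scheme, used when the URL does not state one (RFC 6454 s.4).
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Return the (scheme, host, port) triple for a URL string.
function originTuple(urlString) {
  const u = new URL(urlString);
  const scheme = u.protocol;              // e.g. "https:"
  const host = u.hostname.toLowerCase();  // hostnames compare case-insensitively
  const port = u.port !== "" ? u.port : DEFAULT_PORTS[scheme];
  if (port === undefined) throw new Error(`no default port known for scheme ${scheme}`);
  return { scheme, host, port };
}

// Same-origin check: exact match of scheme, host and port.
function sameOrigin(a, b) {
  const x = originTuple(a), y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Which components differ; handy when recording evaluator evidence for Test 2.
function originMismatch(a, b) {
  const x = originTuple(a), y = originTuple(b);
  const reasons = [];
  if (x.scheme !== y.scheme) reasons.push("scheme");
  if (x.host !== y.host) reasons.push("host");
  if (x.port !== y.port) reasons.push("port");
  return reasons;
}

// Constructed URL pairs (example.com is reserved for documentation).
const CASES = [
  ["https://app.example.com/page1", "https://app.example.com/page2"], // same origin, different path
  ["https://app.example.com/", "https://api.example.com/"],           // different subdomain: the Test 2 case
  ["https://example.com/", "https://www.example.com/"],               // apex vs. www is also a different host
  ["http://example.com/", "https://example.com/"],                    // scheme differs (and so does the default port)
  ["https://example.com/", "https://example.com:8443/"],              // explicit non-default port
  ["https://example.com/", "https://EXAMPLE.com:443/"],               // same origin after normalization
];

// Evaluate every pair; returns an array of result records.
function report() {
  return CASES.map(([a, b]) => ({ a, b, same: sameOrigin(a, b), differs: originMismatch(a, b) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of report()) {
    console.log(r.same ? "SAME    " : "DIFFERS ", r.a, r.b, r.differs.join(","));
  }
}
```

In a browser, the second pair corresponds to the corrected Test 2: a script in a page at app.example.com that holds a handle to a window or tab showing api.example.com is refused access to that window's document, because the host component of the origin differs even though scheme and port match. Note that the fourth pair differs in two components, since the default port follows the scheme.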
