The Presentation API imposes a well-defined environment for the receiving browsing context when it is created, but it does not say anything about nested browsing contexts that this browsing context could create (e.g. with an <iframe>).

I'm not clear how the restrictions on cookies, Application cache, Permissions, IndexedDB, Web Storage, and Service Workers propagate to nested browsing contexts in particular. Should the spec rather attach the steps that deal with these constraints to the create a browsing context algorithm in HTML so that they apply to all browsing contexts on the receiving side?

(This issue is unrelated to but still triggered by the discussion around [SameObject] and receiving browsing contexts in #365)

The behavior of navigator.presentation.receiver is also not clear, since the steps to monitor incoming presentation connections don't state explicitly which receiving browsing contexts they run in.

CC @zhaobin2016

After internal discussion, we propose that navigator.presentation.receiver is only non-null in the top level receiving browsing context (not nested contexts).

Also the same restrictions on the top-level receiving browsing context should apply to nested contexts.

This was addressed by PR #395 (which erroneously referred to a different issue).