document.suborigin or something should allow JS to detect if in suborigin

w3c / webappsec-suborigins

Suborigins

https://w3c.github.io/webappsec-suborigins/

Other

25 stars 9 forks source link

document.suborigin or something should allow JS to detect if in suborigin #35

Open devd opened 8 years ago

annevk commented 8 years ago

Note that apart from document.origin, we also have self.origin these days. They are subtly different in edge cases.

devd commented 8 years ago

ohh .. didn't know that. do you have a link explaining this?

On 9 May 2016 at 10:23, Anne van Kesteren notifications@github.com wrote:

Note that apart from document.origin, we also have self.origin these days. They are subtly different in edge cases.

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/w3c/webappsec-suborigins/issues/35#issuecomment-217930023

annevk commented 8 years ago

https://github.com/whatwg/html/pull/951#issuecomment-205835647 is the best I have thus far.

devd commented 7 years ago

@jeisinger thoughts on this?

jeisinger commented 7 years ago

I'd propose to go with self.suborigin to mirror self.origin. As @annevk pointed out, document.origin is deprecated

devd commented 7 years ago

We could also go with self.origin returning the ExtendedOrigin object similar to what we did in postMessage. That seems cleaner IMO.

annevk commented 6 years ago

That kind of generalization would work better for Origin Isolation too (I think we'd want to expose that to JavaScript, though I don't think we want to change postMessage() for it).