Open devd opened 8 years ago
ohh .. didn't know that. do you have a link explaining this?
On 9 May 2016 at 10:23, Anne van Kesteren notifications@github.com wrote:
Note that apart from document.origin, we also have self.origin these days. They are subtly different in edge cases.
— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/w3c/webappsec-suborigins/issues/35#issuecomment-217930023
https://github.com/whatwg/html/pull/951#issuecomment-205835647 is the best I have thus far.
@jeisinger thoughts on this?
I'd propose to go with self.suborigin to mirror self.origin. As @annevk pointed out, document.origin is deprecated
We could also go with self.origin returning the ExtendedOrigin object similar to what we did in postMessage. That seems cleaner IMO.
That kind of generalization would work better for Origin Isolation too (I think we'd want to expose that to JavaScript, though I don't think we want to change postMessage()
for it).
Note that apart from document.origin, we also have self.origin these days. They are subtly different in edge cases.