(I'll send a PR, just creating an issue to assign myself to remember for now and start discussion)
The Same-Origin security boundaries implied by the public suffix list (for things like cookies, domain lowering, etc) are built into browsers, and they are discoverable by resources, but there is not a simple and straightforward way to perform a test or determine the boundary. It would be great if there was a way to simply ask a browser for a given URL what it's view of the first delegated name is. (e.g. for "https://www.google.com" or "https://abc.xyz.www.google.com" it is "https://google.com", for "https://test.parseapp.com" it is "https://test.parseapp.com", for "file:///anythingatall" it is null.
cc: @equalsJeffH
(I'll send a PR, just creating an issue to assign myself to remember for now and start discussion)
The Same-Origin security boundaries implied by the public suffix list (for things like cookies, domain lowering, etc) are built into browsers, and they are discoverable by resources, but there is not a simple and straightforward way to perform a test or determine the boundary. It would be great if there was a way to simply ask a browser for a given URL what it's view of the first delegated name is. (e.g. for "https://www.google.com" or "https://abc.xyz.www.google.com" it is "https://google.com", for "https://test.parseapp.com" it is "https://test.parseapp.com", for "file:///anythingatall" it is null.