Bug 168022

Summary:

document.origin doesn't match spec

Product:

WebKit

Reporter:

Boris Zbarsky <bzbarsky>

Component:

DOM

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, ap, buildbot, cdumez, commit-queue, dbates, esprehn+autocc, kangil.han, mcatanzaro, mike, mkwst, rniwa

Priority:

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=17352
https://bugs.webkit.org/show_bug.cgi?id=115643

Attachments:

Description	Flags
WIP Patch	none
Archive of layout-test-results from ews104 for mac-elcapitan-wk2	none
Patch	none

Boris Zbarsky

Reported 2017-02-08 15:00:45 PST

STEPS TO REPRODUCE: 1) Load https://webkit.org 2) Evaluate document.origin in the console. EXPECTED RESULTS: Returns "https://webkit.org" ACTUAL RESULTS: Returns "https_webkit.org_0 DETAILS: Spec is at https://dom.spec.whatwg.org/#dom-document-origin

Attachments
WIP Patch (5.54 KB, patch) 2017-02-10 15:58 PST, Chris Dumez	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 (1.11 MB, application/zip) 2017-02-10 16:41 PST, Build Bot	no flags	Details
Patch (11.10 KB, patch) 2017-02-10 19:10 PST, Chris Dumez	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2017-02-08 15:07:00 PST

I can reproduce. Thanks for the bug report. I'll take a look soon.

Boris Zbarsky

Comment 2 2017-02-09 08:42:48 PST

Note that there is a proposal from Blink to just remove document.origin altogether in favor of self.origin.

Chris Dumez

Comment 3 2017-02-10 15:58:10 PST

Created attachment 301208 [details] WIP Patch

Build Bot

Comment 4 2017-02-10 16:41:43 PST

Comment on attachment 301208 [details] WIP Patch Attachment 301208 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/3065179 New failing tests: http/tests/media/media-stream/enumerate-devices-source-id-persistent.html

Build Bot

Comment 5 2017-02-10 16:41:47 PST

Created attachment 301214 [details] Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Boris Zbarsky

Comment 6 2017-02-10 18:51:31 PST

Chris, I'm not sure whether you saw comment 2?

Chris Dumez

Comment 7 2017-02-10 19:10:20 PST

Created attachment 301237 [details] Patch

Chris Dumez

Comment 8 2017-02-10 19:12:36 PST

(In reply to comment #6) > Chris, I'm not sure whether you saw comment 2? I saw. I don't think we would remove it short-term though. So for now, it is better to match the spec and other shipping browsers. If we end up removing it later on (after we implement self.origin), so be it.

WebKit Commit Bot

Comment 9 2017-02-10 20:42:13 PST

Comment on attachment 301237 [details] Patch Clearing flags on attachment: 301237 Committed r212178: <http://trac.webkit.org/changeset/212178>

WebKit Commit Bot

Comment 10 2017-02-10 20:42:20 PST

All reviewed patches have been landed. Closing bug.

Alexey Proskuryakov

Comment 11 2017-02-13 09:33:34 PST

This code was added in https://trac.webkit.org/changeset/164036, and it's really surprising if it wasn't breaking a whole lot of things besides the visible value of document.origin. Is it really not used anywhere else in the engine? +PassRefPtr<Document> Document::create(ScriptExecutionContext& context) +{ + RefPtr<Document> document = adoptRef(new Document(nullptr, URL())); + document->setSecurityOrigin(context.securityOrigin()); + return document; +} + ... +String Document::origin() const +{ + return securityOrigin()->databaseIdentifier(); +} +

Chris Dumez

Comment 12 2017-02-13 09:38:07 PST

(In reply to comment #11) > This code was added in https://trac.webkit.org/changeset/164036, and it's > really surprising if it wasn't breaking a whole lot of things besides the > visible value of document.origin. Is it really not used anywhere else in the > engine? > > +PassRefPtr<Document> Document::create(ScriptExecutionContext& context) > +{ > + RefPtr<Document> document = adoptRef(new Document(nullptr, URL())); > + document->setSecurityOrigin(context.securityOrigin()); > + return document; > +} > + > > ... > > +String Document::origin() const > +{ > + return securityOrigin()->databaseIdentifier(); > +} > + What do you mean by anywhere *else*. Document::origin() is not used *anywhere* in the engine and therefore my patch only changes the value exposed to the Web to match the specification and other browsers. Our internal code relies on securityOrigin(), not origin().

Alexey Proskuryakov

Comment 13 2017-02-13 10:16:15 PST

As the diff shows, the original change was setting securityOrigin from origin, so both were incorrect.

Alexey Proskuryakov

Comment 14 2017-02-13 10:30:14 PST

Sorry, misread the original patch.

Note You need to log in before you can comment on or make changes to this bug.