Bug 26143

Summary: SecurityOrigin should probably be split into Origin and EffectiveScriptOrigin
Product: WebKit Reporter: Jeremy Orlow <jorlow>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: abarth, sam
Priority: P3    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

Description Jeremy Orlow 2009-06-02 11:05:39 PDT
Adam Barth said:
> I think HTML 5 has notions of "origin" and "effective script origin"
> (or some such) that separate these two concepts.  It might be worth
> syncing up our internal names with the spec to make these concepts
> more accessible to future developers.

I tend to agree.  Most of the new HTML 5 interfaces use "same origin policy" which is intentionally much simpler than ll the effective script origin and cookie access policies from older interfaces.

Internally, the SecurityOrigin object is used to track origin information.  HTML5 databases and localStorage (and probably others) use a subset of their interface but also use them in a somewhat different manner than the rest of WebKit (they're used in an immutable way and there can easily be multiple SecurityOrigin objects for the same origin).  It probably makes sense to split SecurityOrigin into 2 classes so that this distinction is more clear and there's less room for error.

For reference, I believe these 2 mails contain all the points of the thread:
http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008038.html
http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008043.html