Bug 26143 - SecurityOrigin should probably be split into Origin and EffectiveScriptOrigin
: SecurityOrigin should probably be split into Origin and EffectiveScriptOrigin
Status: NEW
: WebKit
New Bugs
: 528+ (Nightly build)
: All All
: P3 Normal
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2009-06-02 11:05 PST by
Modified: 2009-06-02 11:49 PST (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-06-02 11:05:39 PST
Adam Barth said:
> I think HTML 5 has notions of "origin" and "effective script origin"
> (or some such) that separate these two concepts.  It might be worth
> syncing up our internal names with the spec to make these concepts
> more accessible to future developers.

I tend to agree.  Most of the new HTML 5 interfaces use "same origin policy" which is intentionally much simpler than ll the effective script origin and cookie access policies from older interfaces.

Internally, the SecurityOrigin object is used to track origin information.  HTML5 databases and localStorage (and probably others) use a subset of their interface but also use them in a somewhat different manner than the rest of WebKit (they're used in an immutable way and there can easily be multiple SecurityOrigin objects for the same origin).  It probably makes sense to split SecurityOrigin into 2 classes so that this distinction is more clear and there's less room for error.

For reference, I believe these 2 mails contain all the points of the thread:
http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008038.html
http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008043.html