Bug 26143 - SecurityOrigin should probably be split into Origin and EffectiveScriptOrigin
Summary: SecurityOrigin should probably be split into Origin and EffectiveScriptOrigin
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P3 Normal
Assignee: Nobody
Depends on:
Reported: 2009-06-02 11:05 PDT by Jeremy Orlow
Modified: 2009-06-02 11:49 PDT (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Orlow 2009-06-02 11:05:39 PDT
Adam Barth said:
> I think HTML 5 has notions of "origin" and "effective script origin"
> (or some such) that separate these two concepts.  It might be worth
> syncing up our internal names with the spec to make these concepts
> more accessible to future developers.

I tend to agree.  Most of the new HTML 5 interfaces use "same origin policy" which is intentionally much simpler than ll the effective script origin and cookie access policies from older interfaces.

Internally, the SecurityOrigin object is used to track origin information.  HTML5 databases and localStorage (and probably others) use a subset of their interface but also use them in a somewhat different manner than the rest of WebKit (they're used in an immutable way and there can easily be multiple SecurityOrigin objects for the same origin).  It probably makes sense to split SecurityOrigin into 2 classes so that this distinction is more clear and there's less room for error.

For reference, I believe these 2 mails contain all the points of the thread: