[compute-pressure] Does the privacy test need a same origin-domain or a same origin check? (#187) from Raphael Kubo da Costa via GitHub on 2023-02-21 (public-device-apis-log@w3.org from February 2023)

From: Raphael Kubo da Costa via GitHub <sysbot+gh@w3.org>
Date: Tue, 21 Feb 2023 10:31:06 +0000
To: public-device-apis-log@w3.org
Message-ID: <issues.opened-1593225656-1676975464-sysbot+gh@w3.org>

rakuco has just created a new issue for https://github.com/w3c/compute-pressure:

== Does the privacy test need a same origin-domain or a same origin check? ==
In other words, do we need to check for https://html.spec.whatwg.org/multipage/browsers.html#same-origin or https://html.spec.whatwg.org/multipage/browsers.html#same-origin-domain?

AFAICS the latter (which we currently use) just takes `document.document` into consideration compared to the "same origin" check.

I am not informed enough to know which to choose, so this is an honest question. Looking at https://dontcallmedom.github.io/webdex/s.html, "same origin-domain" is used by fewer specs, and https://bugs.chromium.org/p/chromium/issues/detail?id=1027191#c6 says _"Specs use 'same origin' in pretty much all cases except where forced to otherwise for compat reasons.  On particular, any modern spec is likely to not use 'same origin-domain' at all"_.

Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/187 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 21 February 2023 10:31:07 UTC