- From: Marijn Kruisselbrink <notifications@github.com>
- Date: Fri, 17 Jun 2016 00:34:42 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc:
Received on Friday, 17 June 2016 07:35:11 UTC
I think in practice browsers do indeed serialize opaque origins as "null" in blob URLs, even though the spec might allow other things. So that part is fine. One of the features we'd lose if blob urls would no longer be same origin with their creator would be the feature discussed in whatwg/html#1322, the ability for a sandboxed iframe to start a worker using a blob URL. Something else that would break without this same originness is using fetch to read blobs in opaque origins (but creating a blob url and then fetching that). That more or less is why blink/webkit originally implemented this lookup for the origin (although in chrome it is slightly worse since the entire FileReader API is implemented in terms of fetching blob URLs. So FileReader was broken in opaque origins without this origin mapping. But that's more an implementation detail). --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/127#issuecomment-226701025
Received on Friday, 17 June 2016 07:35:11 UTC