Re: [w3ctag/design-reviews] Review origin policy. (#127)

To explain a bit on suborigins. Currently a suborigin is created once you see a response for a request that ends up creating a global object of sorts, based on a header that contains an identifier. So you don't know ahead of time whether something will end up being a suborigin and therefore you can't do things like give them different cookies.

Now, if you changed that and required an origin-wide policy, you could say how URLs within an origin map to a suborigin and the user agent would then know that ahead of time. That has some benefits in that you can do things like suborigins cookies. Drawbacks are gating the feature on origin-wide policy working out and making it harder to setup new suborigins on large sites (as it's tightly coupled with management of a single resource).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/127#issuecomment-298220091

Received on Sunday, 30 April 2017 08:53:51 UTC