- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 07 Nov 2019 09:54:22 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 7 November 2019 17:54:24 UTC
The usage in https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check could be done on top of origins entirely. HTML's https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to is also used by WebAuthn, but uses registrable domain and public suffix directly (and has to). I think HTML's algorithm could be used for cookies too, reading https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-5.1.3. HTML's agent stuff would be a little cleaner if you could obtain a site from an origin (i.e., "obtain an agent cluster key" renamed). No other uses come to mind, but it seems like you had at least one other and maybe Mike knows more. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/449#issuecomment-551191733
Received on Thursday, 7 November 2019 17:54:24 UTC