- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 21 Apr 2022 23:58:09 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/issues/690/1106074412@github.com>
Some thoughts: * I think a more ideal layering would probably move origin completely out of URL and have an API for it that throws on unknown schemes, which would make extensions a little safer. * For new schemes it very much depends how we compute the origin, see `blob:` URLs for a good example of that. So I don't think we can have a general rule. * If we add a new scheme to the web platform, I would expect us to make changes similar to how we did for `blob:` URLs. * Computing new opaque origins from URLs is important for HTML too if I remember correctly. If two nested documents navigate to the same `data:` URL, they should not end up sharing an origin and I think today that is the result of the URL->origin mapping. Of course, you could envision not relying on a URL->origin mapping here, but instead HTML special casing `data:` URLs. However, I think it is more generally sound that two such identical URLs do not share an authority. (I.e., I do think this makes sense, contrary to what @karwa said above.) Changes we could make to slightly improve the setup: * Perhaps we can change the API such that the `origin` member is not exposed outside of browsers somehow. I'm not sure how that would work given `Exposed=*`, but having something for (at least) Deno and Node.js came up before. * We could move origin computation elsewhere, but the API will continue to rely on it. This might strengthen the above point even further. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/690#issuecomment-1106074412 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/url/issues/690/1106074412@github.com>
Received on Friday, 22 April 2022 06:58:20 UTC