- From: Mike West <notifications@github.com>
- Date: Tue, 05 Aug 2025 05:55:49 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/1130@github.com>
mikewest created an issue (w3ctag/design-reviews#1130) ### Explainer https://github.com/mikewest/origin-api/ ### The explainer - [x] Includes the information requested by the [Explainer Explainer](https://w3ctag.github.io/explainer-explainer/#introduction). - [x] Follows the [Web Platform Design Principles](https://www.w3.org/TR/design-principles/). - [ ] Includes or links to answers to the [Security/Privacy Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/). - [ ] Describes user research you did to validate the problem and/or design. ### Where and by whom is the work is being done? - GitHub repo: https://github.com/mikewest/origin-api/ - Primary contacts: - @mikewest, Google, Chrome - Organization/project driving the design: Chrome. - This work is being funded by: Google. - Incubation and standards groups that have discussed the design: - Nada. - Standards group(s) that you expect to discuss and/or adopt this work when it's ready: HTML @ WHATWG ### Feedback so far - Multi-stakeholder feedback: - Chromium comments: I like it. @domenic didn't hate it. - Mozilla comments: https://github.com/mozilla/standards-positions/issues/1280 - WebKit comments: https://github.com/WebKit/standards-positions/issues/538 - Some conversation around https://github.com/whatwg/urlpattern/issues/275 - Major unresolved issues with or opposition to this design: - @annevk noted in the URLPattern thread linked directly above that the specific case of `postMessage()` validation could be satisfied with a narrower matching API that encouraged developers to think about more than the origin, which is a reasonable suggestion. ### You should also know that... * There's some relationship to @annevk's https://github.com/whatwg/url/pull/288, though I think that aims to solve a distinct problem. * This would be, I think, the first place we'd directly expose the "same-site" concept in a way that enabled comparison. * This proposal derives a "site" from an origin (a la HTML's "[obtain a site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site)" and "[same site](https://html.spec.whatwg.org/multipage/browsers.html#same-site)" definitions), and exposes it as a property of that concept. It could also be reasonable to expose it through the aforementioned `URLHost` proposal, or more directly on a URL. IMO, none of those are mutually exclusive, and I can see reasonable arguments for several of them (`URLHost`, for instance, seems particularly well-suited to explain the "[schemelessly same site](https://html.spec.whatwg.org/multipage/browsers.html#schemelessly-same-site)" concept, <!-- Content below this is maintained by @w3c-tag-bot --> --- Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1130 -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1130 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1130@github.com>
Received on Tuesday, 5 August 2025 12:55:53 UTC