[w3ctag/design-reviews] Incubation: An `Origin` Object (Issue #1130)

mikewest created an issue (w3ctag/design-reviews#1130)

### Explainer

https://github.com/mikewest/origin-api/

### The explainer

- [x] Includes the information requested by the [Explainer Explainer](https://w3ctag.github.io/explainer-explainer/#introduction).
- [x] Follows the [Web Platform Design Principles](https://www.w3.org/TR/design-principles/).
- [ ] Includes or links to answers to the [Security/Privacy Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/).
- [ ] Describes user research you did to validate the problem and/or design.

### Where and by whom is the work is being done?

- GitHub repo: https://github.com/mikewest/origin-api/
- Primary contacts:
  - @mikewest, Google, Chrome
- Organization/project driving the design: Chrome.
- This work is being funded by: Google.
- Incubation and standards groups that have discussed the design:
  - Nada.
- Standards group(s) that you expect to discuss and/or adopt this work when it's
  ready: HTML @ WHATWG


### Feedback so far

- Multi-stakeholder feedback:
  - Chromium comments: I like it. @domenic didn't hate it.
  - Mozilla comments: https://github.com/mozilla/standards-positions/issues/1280
  - WebKit comments: https://github.com/WebKit/standards-positions/issues/538
  - Some conversation around https://github.com/whatwg/urlpattern/issues/275
- Major unresolved issues with or opposition to this design:
  - @annevk noted in the URLPattern thread linked directly above that the specific case of `postMessage()` validation could be satisfied with a narrower matching API that encouraged developers to think about more than the origin, which is a reasonable suggestion.


### You should also know that...

* There's some relationship to @annevk's https://github.com/whatwg/url/pull/288, though I think that aims to solve a distinct problem.

* This would be, I think, the first place we'd directly expose the "same-site" concept in a way that enabled comparison.

* This proposal derives a "site" from an origin (a la HTML's "[obtain a site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site)" and "[same site](https://html.spec.whatwg.org/multipage/browsers.html#same-site)" definitions), and exposes it as a property of that concept. It could also be reasonable to expose it through the aforementioned `URLHost` proposal, or more directly on a URL. IMO, none of those are mutually exclusive, and I can see reasonable arguments for several of them (`URLHost`, for instance, seems particularly well-suited to explain the "[schemelessly same site](https://html.spec.whatwg.org/multipage/browsers.html#schemelessly-same-site)" concept,

<!-- Content below this is maintained by @w3c-tag-bot -->
---

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1130


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1130
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1130@github.com>

Received on Tuesday, 5 August 2025 12:55:53 UTC