W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2017

[suborigins] serializing of origins

From: Jochen Eisinger <eisinger@google.com>
Date: Fri, 07 Apr 2017 08:11:40 +0000
Message-ID: <CALjhuidFENc2YmVgastQogfw3sfxYmHs7MO_+wpiprLD1f6GSw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hey all,

I started to look at our suborigin implementation in blink, and one of the
things I was stumbling over was the serialization of an origin with a
suborigin, i.e. (scheme, host, port, suborigin) getting serialized to
${scheme}-so://${suborigin}.${host}:${port}/

It seems that the main reason for doing this is to break postMessage for
code that is not aware of suborigins. Is that the case?

If that was the case, have we considered other ways to break this, e.g.
make origin return the null value and add instead a new property to message
(e.g. initiator with two properties origin and suborigin)?

best
-jochen
Received on Friday, 7 April 2017 08:12:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC