Define "same-origin"

Question

Define "same-origin"

annevk opened this issue 9 years ago · 4 comments

Per lore.txt.

Answer 1 · 2015-10-22T04:07:52.000Z

Tentative idea is to take the entry script settings object's origin and compare that to the Location object's Realm's origin and also compare it to Location object's relevant Document's origin.

lore.txt is not entirely clear on the matter unfortunately.

Answer 2 · 2015-10-22T04:44:44.000Z

Why would we ever use the entry script settings object for this? Why does it matter where script got entered?

In lore.txt the matter is simple, I think: when you invoke the getter of the "location" property on a Window and that Windows is not same-origin with you ("you" being the incumbent settings object) you get back a "cross-origin" Location instance.

Or put another way, any time seeing the prototype of a Location object would expose some object other than a Location instance or WindowProxy across origins, you have to get a "cross-origin" location instance.

At least modulo document.domain. I'm not sure what the intended interactions are there, though @bholley would know.

Answer 3 · 2015-10-24T00:24:16.000Z

Yes, we want incumbent here, not entry.

Answer 4 · 2015-10-24T00:24:45.000Z

And the current proposal on the table for solving the document.domain identity issue is to eliminate minting.