Add Origin API

mikewest · annevk · web-flow · commit 68909b2526d2 · 2025-12-04T08:37:01.000+01:00
This standardizes the work first discussed at https://github.com/mikewest/origin-api. Changes to URL and Service Workers forthcoming to define "extract an origin" for relevant objects. See also discussion in w3ctag/design-reviews#1130, WebKit/standards-positions#538, and mozilla/standards-positions#1280. Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
diff --git a/source b/source
@@ -26079,6 +26079,19 @@ document.body.appendChild(wbr);</code></pre>
   <p>An element implementing the <code>HTMLHyperlinkElementUtils</code> mixin has an associated <dfn
   data-x="concept-hyperlink-url">url</dfn> (null or a <span>URL</span>). It is initially null.
 
+  <div algorithm>
+  <p>An element implementing the <code>HTMLHyperlinkElementUtils</code> mixin has the following
+  <span>extract an origin</span> steps:</p>
+
+  <ol>
+   <li><p>If <span>this</span>'s <span data-x="concept-hyperlink-url">url</span> is null, then
+   return null.</p></li>
+
+   <li><p>Return <span>this</span>'s <span data-x="concept-hyperlink-url">url</span>'s
+   <span data-x="concept-url-origin">origin</span>.</p></li>
+  </ol>
+  </div>
+
   <div algorithm>
   <p>An element implementing the <code>HTMLHyperlinkElementUtils</code> mixin has an associated <dfn
   data-x="concept-hyperlink-url-set">set the url</dfn> algorithm, which runs these steps:</p>
@@ -92501,6 +92514,99 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
 
   </div>
 
+  <h5>The <code data-x="dom-Origin-interface">Origin</code> interface</h5>
+
+  <p>The <code data-x="dom-Origin-interface">Origin</code> interface represents an
+  <span>origin</span>, allowing robust <span>same origin</span> and <span>same site</span>
+  comparisons.</p>
+
+  <pre><code class="idl">[Exposed=*]
+interface <dfn interface data-x="dom-Origin-interface">Origin</dfn> {
+  <span data-x="dom-Origin-constructor">constructor</span>();
+
+  static <span data-x="dom-Origin-interface">Origin</span> <span data-x="dom-Origin-from">from</span>(any <var ignore>value</var>);
+
+  readonly attribute boolean <span data-x="dom-Origin-opaque">opaque</span>;
+
+  boolean <span data-x="dom-Origin-isSameOrigin">isSameOrigin</span>(<span data-x="dom-Origin-interface">Origin</span> <var ignore>other</var>);
+  boolean <span data-x="dom-Origin-isSameSite">isSameSite</span>(<span data-x="dom-Origin-interface">Origin</span> <var ignore>other</var>);
+};</code></pre>
+
+  <p><code data-x="dom-Origin-interface">Origin</code> objects have an associated <dfn for="Origin"
+  data-x="concept-Origin-origin">origin</dfn>, which holds an <span>origin</span>.</p>
+
+  <p><span data-x="platform object">Platform objects</span> have an <dfn for="platform object"
+  export>extract an origin</dfn> operation, which returns null unless otherwise specified.</p>
+
+  <div algorithm>
+  <p>Objects implementing the <code data-x="dom-Origin-interface">Origin</code> interface's
+  <span>extract an origin</span> steps are to return <span>this</span>'s <span
+  data-x="concept-Origin-origin">origin</span>.</p>
+  </div>
+
+  <div algorithm>
+  <p>The <dfn constructor for="Origin"><code
+  data-x="dom-Origin-constructor">new Origin()</code></dfn> constructor steps are to set
+  <span>this</span>'s <span data-x="concept-Origin-origin">origin</span> to a unique <span
+  data-x="concept-origin-opaque">opaque origin</span>.</p>
+  </div>
+
+  <div algorithm>
+  <p>The static <dfn method for="Origin"><code
+  data-x="dom-Origin-from">from(<var>value</var>)</code></dfn> method steps are:</p>
+
+  <ol>
+   <li>
+    <p>If <var>value</var> is a <span>platform object</span>:</p>
+    <ol>
+     <li><p>Let <var>origin</var> be the result of executing <var>value</var>'s <span>extract an
+     origin</span> operation.</p></li>
+
+     <li><p>If <var>origin</var> is not null, then return a new <code
+     data-x="dom-Origin-interface">Origin</code> object whose <span
+     data-x="concept-Origin-origin">origin</span> is <var>origin</var>.</p></li>
+    </ol>
+   </li>
+
+   <li>
+    <p>If <var>value</var> is a <span>string</span>:</p>
+    <ol>
+     <li><p>Let <var>parsedURL</var> be the result of <span data-x="basic url parser">basic URL
+     parsing</span> <var>value</var>.</p></li>
+
+     <li><p>If <var>parsedURL</var> is not failure, then return a new <code
+     data-x="dom-Origin-interface">Origin</code> object whose <span
+     data-x="concept-Origin-origin">origin</span> is set to <var>parsedURL</var>'s <span
+     data-x="concept-url-origin">origin</span>.</p></li>
+    </ol>
+   </li>
+
+   <li><p>Throw a <code>TypeError</code>.</p></li>
+  </ol>
+  </div>
+
+  <div algorithm>
+  <p>The <dfn attribute for="Origin"><code data-x="dom-Origin-opaque">opaque</code></dfn> getter
+  steps are to return true if <span>this</span>'s <span data-x="concept-Origin-origin">origin</span>
+  is an <span data-x="concept-origin-opaque">opaque origin</span>; otherwise false.</p>
+  </div>
+
+  <div algorithm>
+  <p>The <dfn method for="Origin"><code
+  data-x="dom-Origin-isSameOrigin">isSameOrigin(<var>other</var>)</code></dfn> method steps are to
+  return true if <span>this</span>'s <span data-x="concept-Origin-origin">origin</span> is
+  <span>same origin</span> with <var>other</var>'s <span
+  data-x="concept-Origin-origin">origin</span>; otherwise false.</p>
+  </div>
+
+  <div algorithm>
+  <p>The <dfn method for="Origin"><code
+  data-x="dom-Origin-isSameSite">isSameSite(<var>other</var>)</code></dfn> method steps are to
+  return true if <span>this</span>'s <span data-x="concept-Origin-origin">origin</span> is
+  <span>same site</span> with <var>other</var>'s <span data-x="concept-Origin-origin">origin</span>;
+  otherwise false.</p>
+  </div>
+
 
   <h4><span id="origin-isolation"></span>Origin-keyed agent clusters</h4>
 
@@ -123140,6 +123246,24 @@ document.body.appendChild(frame)</code></pre>
   capability</span>.</p>
   </div>
 
+  <div algorithm>
+  <p>An element implementing the <code>WindowOrWorkerGlobalScope</code> mixin has the following
+  <span>extract an origin</span> steps:</p>
+
+  <ol>
+   <li><p>If <span>this</span>'s <span>relevant settings object</span>'s <span
+   data-x="concept-settings-object-origin">origin</span> is not <span>same origin-domain</span>
+   with the <span>entry settings object</span>'s <span
+   data-x="concept-settings-object-origin">origin</span>, then return null.</p></li>
+
+   <li><p>Return <span>this</span>'s return <span>this</span>'s <span>relevant settings
+   object</span>'s <span data-x="concept-settings-object-origin">origin</span>.</p></li>
+  </ol>
+
+  <p class="note">Since these objects are potentially accessible cross-origin (e.g., through
+  <code>WindowProxy</code>), we need a security check here before granting access to the origin.</p>
+  </div>
+
   </div>
 
 
@@ -127650,6 +127774,12 @@ typedef (<span>WindowProxy</span> or <span>MessagePort</span> or <span>ServiceWo
   <span data-x="concept-url-fragment">fragment</span>).</p>
   </div>
 
+  <div algorithm>
+  <p>Objects implementing the <code>MessageEvent</code> interface's <span>extract an origin</span>
+  steps are to return <span>this</span>'s <span>relevant settings object</span>'s
+  <span data-x="concept-settings-object-origin">origin</span>.</p>
+  </div>
+
   <div algorithm>
   <p>The <dfn attribute for="MessageEvent"><code
   data-x="dom-MessageEvent-lastEventId">lastEventId</code></dfn> attribute must return the value it
