MicrosoftEdge · yildirimcagri-msft · Jun 15, 2022 · May 17, 2022 · May 17, 2022 · May 23, 2022
diff --git a/specs/WebResourceRequested-CustomScheme.md b/specs/WebResourceRequested-CustomScheme.md
@@ -70,12 +70,14 @@ options.CustomSchemeRegistrations.Add(
   new CoreWebView2CustomSchemeRegistration(customScheme)
   {
     TreatAsSecure = true,
-    AllowedOrigins = { "https://*.example.com" }
+    AllowedOrigins = { "https://*.example.com" },
+    HasAuthorityComponent = true
   });
 options.CustomSchemeRegistrations.Add(
   new CoreWebView2CustomSchemeRegistration(customSchemeNotInAllowedOrigins)
   {
-    TreatAsSecure = true
+    TreatAsSecure = true,
+    HasAuthorityComponent = true
   });
 
 // Custom scheme registrations are validated here. In case invalid array is
@@ -162,12 +164,14 @@ if (options.As(&options3) == S_OK) {
           L"custom-scheme",
           TRUE /* treatAsSecure*/,
           1,
+          FALSE /* hasAuthorityComponent */,
           allowedOrigins));
   schemeRegistrations.push_back(
     Microsoft::WRL::Make<CoreWebView2CustomSchemeRegistration>(
           L"custom-scheme-not-in-allowed-origins-list",
           TRUE /* treatAsSecure*/,
-          nullptr));
+          nullptr,
+          FALSE /* hasAuthorityComponent */));
   CHECK_FAILURE(options3->SetCustomSchemeRegistrations(
     schemeRegistrations.size(), schemeRegistrations.data()));
 }
@@ -271,45 +275,46 @@ CHECK_FAILURE(m_webView->ExecuteScript(
 
 ```c#
 // This is the ICoreWebView2CustomSchemeRegistration interface
+// This represents the registration of a custom scheme with the
+// CoreWebView2Environment.
+// This allows the WebView2 app to be able to handle
+// WebResourceRequested event for requests with the specified scheme and
+// be able to navigate the WebView2 to the custom scheme. Once the environment
+// is created, the registrations are valid and immutable throughout the
+// lifetime of the associated WebView2s' browser process and any WebView2
+// environments sharing the browser process must be created with identical
+// custom scheme registrations, otherwise the environment creation will fail.
+// If there are multiple entries for the same scheme in the registrations
+// list, the environment creation will also fail.
+// The URIs of registered custom schemes will be treated similar to http URIs
+// for their origins.
+// They will have tuple origins for URIs with authority component and opaque origins for
+// URIs without authority component as specified in
+/// [7.5 Origin - HTML Living Standard](https://html.spec.whatwg.org/multipage/origin.html)
+// Example:
+// custom-scheme-with-authority://hostname/path/to/resource has origin of
+// custom-scheme-with-authority://hostname
+// custom-scheme-without-authority:path/to/resource has origin of
+// custom-scheme-without-authority:path/to/resource
+// For WebResourceRequested event, the cases of request URIs and filter URIs
+// with custom schemes will be normalized according to generic URI syntax
+// rules. Any non-ASCII characters will be preserved.
+// The registered custom schemes also participate in
+// [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) and adheres
+// to [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). The app
+// needs to set the appropriate access headers in its WebResourceRequested
+// event handler to allow CORS requests.
 [uuid(d60ac92c-37a6-4b26-a39e-95cfe59047bb), object, pointer_default(unique)]
 interface ICoreWebView2CustomSchemeRegistration : IUnknown {
-  // Represents the registration of a custom scheme with the
-  // CoreWebView2Environment.
-  // This allows the WebView2 app to be able to handle
-  // WebResourceRequested event for requests with the specified scheme and
-  // be able to navigate the WebView2 to the custom scheme. Once the environment
-  // is created, the registrations are valid and immutable throughout the
-  // lifetime of the associated WebView2s' browser process and any WebView2
-  // environments sharing the browser process must be created with identical
-  // custom scheme registrations, otherwise the environment creation will fail.
-  // If there are multiple entries for the same scheme in the registrations
-  // list, the environment creation will also fail.
-  // The URIs of registered custom schemes will be treated similar to http URIs
-  // for their origins.
-  // They will have tuple origins for URIs with host and opaque origins for
-  // URIs without host as specified in
-  /// [7.5 Origin - HTML Living Standard](https://html.spec.whatwg.org/multipage/origin.html)
-  // Example:
-  // custom-scheme-with-host://hostname/path/to/resource has origin of
-  // custom-scheme-with-host://hostname
-  // custom-scheme-without-host:path/to/resource has origin of
-  // custom-scheme-without-host:path/to/resource
-  // For WebResourceRequested event, the cases of request URIs and filter URIs
-  // with custom schemes will be normalized according to generic URI syntax
-  // rules. Any non-ASCII characters will be preserved.
-  // The registered custom schemes also participate in
-  // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) and adheres
-  // to [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). The app
-  // needs to set the appropriate access headers in its WebResourceRequested
-  // event handler to allow CORS requests.
-
+
   // The name of the custom scheme to register.
   [propget] HRESULT SchemeName([out, retval] LPCWSTR* schemeName);
   [propput] HRESULT SchemeName([in] LPCWSTR value);
 
   // Whether the sites with this scheme will be treated as a
   // [Secure Context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts)
   // like a HTTPS site.
+  // `false` by default.
   [propget] HRESULT TreatAsSecure([out, retval] BOOL* treatAsSecure);
   // Set if the scheme will be treated as a Secure Context.
   [propput] HRESULT TreatAsSecure([in] BOOL value);
@@ -341,6 +346,26 @@ interface ICoreWebView2CustomSchemeRegistration : IUnknown {
   HRESULT SetAllowedOrigins(
     [in] UINT32 allowedOriginsCount,
     [in] LPCWSTR* allowedOrigins);
+
+  // Set this to `true` if the URLs with this custom scheme will have an
+  // authority component (a host for custom schemes).
+  // eg: custom-scheme-with-authority://host/path - Set to `true`
+  //     custom-scheme-without-authority:path - Set to `talse`
+  // When this is set to `true`, the URLs with this scheme will be
+  // interpreted as they have a
+  // [scheme and host](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-tuple) 
+  // origin similar to an http URL. Note that the port and user
+  // information are never included in the computation of origins for
+  // custom schemes. If you set `HasAuthorityComponent` to `true` and 
+  // use a URL with this scheme that does not have
+  // an authority component, the behavior of such URLs will be undefined.
+  // `false` by default. 
+  // If this is set to `false`, URLs with this scheme will have an
+  // [opaque origin](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-opaque)
+  // similar to a data URL. 
+  [propget] HRESULT HasAuthorityComponent([out, retval] BOOL* hasAuthorityComponent);
+  // Get has authority component
+  [propput] HRESULT HasAuthorityComponent([in] BOOL  hasAuthorityComponent);
 }
 
 // This is the ICoreWebView2EnvironmentOptions3 interface
@@ -423,6 +448,24 @@ namespace Microsoft.Web.WebView2.Core
         // [AddWebResourceRequestedFilter API](https://docs.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2.addwebresourcerequestedfilter).
         // For example, "http://*.example.com:80".
         IVector<String> AllowedOrigins { get; } = {};
+
+        // Set this to `True` if the URLs with this custom scheme will have an
+        // authority component (a host for custom schemes).
+        // eg: custom-scheme-with-authority://host/path - Set to `True`
+        //     custom-scheme-without-authority:path - Set to `False`
+        // When this is set to `True`, the URLs with this scheme will be
+        // interpreted as they have a
+        // [scheme and host](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-tuple) 
+        // origin similar to an http URL. Note that the port and user
+        // information are never included in the computation of origins for
+        // custom schemes. If you set `HasAuthorityComponent` to `True` and 
+        // use a URL with this scheme that does not have
+        // an authority component, the behavior of such URLs will be undefined.
+        // `False` by default. 
+        // If this is set to `False`, URLs with this scheme will have an
+        // [opaque origin](https://html.spec.whatwg.org/multipage/origin.html#concept-origin-opaque)
+        // similar to a data URL. 
+        Boolean HasAuthorityComponent {get; set; } = false;
     }
 
     runtimeclass CoreWebView2EnvironmentOptions