Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upConsider removing `document.origin` #410
Comments
This comment has been minimized.
This comment has been minimized.
WebKit does not currently support self.origin but we will likely implement it in the future. Once we support self.origin, we can start deprecating document.origin in WebKit but I suspect it is going to be a while until we actually remove it (if ever, depending on how much it beaks existing content). That said, I do not have an objection if people want to drop document.origin from the spec, I just think it is a bit early given that self.origin is not well deployed yet. Here are a few things that are not mentioned on this issue that would help decide:
|
This comment has been minimized.
This comment has been minimized.
bzbarsky
commented
Feb 15, 2017
Correct on both counts, as far as I know: |
This comment has been minimized.
This comment has been minimized.
I think we're just looking for feedback from other vendors at this point. If you're on board with the idea of migrating to To your questions:
|
This comment has been minimized.
This comment has been minimized.
Sure, I can commit to implementing self.origin in WebKit in the relatively short-term, given that other browsers are already implementing it and I like the idea. I also do not object to dropping document.origin from the spec given that this is a Blink/WebKit thing only and there is a better alternative available. |
This comment has been minimized.
This comment has been minimized.
As predicted the use counter in Blink is around ~0.09%: https://www.chromestatus.com/metrics/feature/timeline/popularity/1828 But we have no idea how much of that is just enumeration of the document's properties. @mikewest, what's our next move? |
This comment has been minimized.
This comment has been minimized.
If we remove document.origin, am I right that developers will have no way of setting the document's origin via JS? I believe self.origin is readonly while document.origin is not. |
This comment has been minimized.
This comment has been minimized.
bzbarsky
commented
Aug 8, 2017
•
Maybe you were thinking about |
This comment has been minimized.
This comment has been minimized.
Yeah. The numbers are higher than I'd hoped. I think there's a reasonable argument to be made that until Safari's change actually hits users (with Safari 11, I imagine?), that these pages are actually broken. @cdumez, it looks like If so, then it seems reasonable to try for deprecation. |
This comment has been minimized.
This comment has been minimized.
Oh I was thinking of document.domain, sorry. |
This comment has been minimized.
This comment has been minimized.
Self.origin is in Safari 11, yes. |
This comment has been minimized.
This comment has been minimized.
Is there any update here? We (Edge) have to decide if we're going to implement this or not. We're currently working on the other missing features. |
This comment has been minimized.
This comment has been minimized.
I think we would have liked that, but judging from the spike to 0.75% in https://www.chromestatus.com/metrics/feature/timeline/popularity/1828 it seems like it might be way too late. Given #410 (comment) we probably need to add some more tests for |
This comment has been minimized.
This comment has been minimized.
bzbarsky
commented
Dec 20, 2017
What do the uses look like? If it's |
This comment has been minimized.
This comment has been minimized.
travisleithead
commented
Jan 10, 2018
Chatted with @dstorey and we think we can help the situation out by not implementing |
annevk
assigned
mikewest
Jan 10, 2018
This comment has been minimized.
This comment has been minimized.
To summarise:
Considering the above I'd propose we:
|
This comment has been minimized.
This comment has been minimized.
annevk
added
the
interop
label
Jan 12, 2018
This comment has been minimized.
This comment has been minimized.
Proposal sounds fine to me. |
This comment has been minimized.
This comment has been minimized.
Sounds reasonable to me, but someone will need to do the analysis to come up with a concrete deprecation plan according to our compat principles. We don't add deprecation messages without an approved removal timeframe anymore. But given the existing lack of interop, I suspect this may be as simple as showing some evidence that removal is unlikely to cause observable breakage (eg. spot check a handful of sites we find via HTTP archive) and giving removal a try. @mikewest perhaps you or someone on your team could do this? |
This comment has been minimized.
This comment has been minimized.
@foolip can you help with this? I'm happy to help with tests and the specification. |
This comment has been minimized.
This comment has been minimized.
Update: origin on WorkerGlobalScope and Window is now in code review. Will be in some future version of Edge (probably 18) |
This comment has been minimized.
This comment has been minimized.
Looks like we already had an Intent to Deprecate: |
This comment has been minimized.
This comment has been minimized.
@mikewest did usage analysis in https://groups.google.com/a/chromium.org/d/msg/blink-dev/CO52Bt15cuc/x_V5frbBCQAJ |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
New Intent to Deprecate and Remove: |
annevk
referenced this issue
Jun 6, 2018
Closed
document.domain getter without browsing context #2697
This comment has been minimized.
This comment has been minimized.
Based on discussion in whatwg/html#2697 I think we should also remove document's origin concept, alongside the attribute. All the security checks we have are about origins of globals, not of documents. |
This comment has been minimized.
This comment has been minimized.
(Removing the concept might be harder than I thought, there's a fair number of dependencies on it at the moment that would have to be revamped. See also whatwg/html#2697 (comment).) |
mikewest commentedFeb 15, 2017
We have
self.origin
in HTML, present inside workers and documents. It seems redundant and confusing to suggest that there's a different origin for documents than for the global object they host. Perhaps we can simply remove this in favor of the property on the global?@bzbarsky seems to be on board with this notion. @cdumez, WDYT?
Edge hasn't implemented this yet, but perhaps @travisleithead has an opinion from a TAG/platformey perspective?