Thanks for the explainer link, Daniel. Mike:
Saw a few considered alternatives in the explainer, which is great. Have you considered how this might be added to the URL object instead? Did you reject that for a reason I couldn't see? Best, Alex On Wednesday, November 19, 2025 at 8:16:27 AM UTC-8 Yoav Weiss wrote: > Can you flip all the review bits in chromestatus.com? (enterprise, > debuggability and testing are missing) > > On Wed, Nov 19, 2025 at 4:20 PM Daniel Bratell <[email protected]> > wrote: > >> Better explainer than the spec: >> >> https://github.com/mikewest/origin-api/blob/main/README.md >> >> /Daniel >> On 2025-11-19 15:46, Chromestatus wrote: >> >> *Contact emails* >> [email protected] >> >> *Explainer* >> https://mikewest.github.io/origin-api >> >> *Specification* >> https://github.com/whatwg/html/pull/11846 >> >> *Summary* >> The origin is a fundamental component of the web’s implementation, >> essential to both the security and privacy boundaries which user agents >> maintain. The concept is well-defined between HTML and URL, along with >> widely-used adjacent concepts like "site". Origins, however, are not >> directly exposed to web developers. Though there are various origin getters >> on various objects, each of those returns the ASCII serialization of an >> origin, not the origin itself. This has a few negative implications. >> Practically, developers attempting to do same-origin or same-site >> comparisons when handling serialized origins often get things wrong in ways >> that lead to vulnerabilities. Philosophically, it seems like a missing >> security primitive that developers struggle to polyfill accurately. We can >> address this gap in the platform by introducing an Origin object that >> encapsulates the origin concept, and provides helpful methods for >> comparison, serialization, parsing, and etc. >> >> *Blink component* >> Blink>SecurityFeature >> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ESecurityFeature%22> >> >> *Web Feature ID* >> Missing feature >> >> *Motivation* >> *No information provided* >> >> *Initial public proposal* >> https://github.com/whatwg/html/issues/11534 >> >> *TAG review* >> https://github.com/w3ctag/design-reviews/issues/1130 >> >> *TAG review status* >> Issues addressed >> >> *Risks* >> >> >> *Interoperability and Compatibility* >> *No information provided* >> >> *Gecko*: No signal ( >> https://github.com/mozilla/standards-positions/issues/1280) >> >> *WebKit*: No signal ( >> https://github.com/WebKit/standards-positions/issues/538) Tending >> towards positive. >> >> *Web developers*: No signals >> >> *Other signals*: >> >> *Security* >> Ideally, this will resolve security risks rather than creating them. That >> said, it is the first time we're exposing the same-site concept directly, >> and if developers aren't careful about how they do those comparisons >> (especially between browsers or browser versions with differing versions of >> the PSL), there's some risk that they'd cache an old decision that doesn't >> apply in the current version of the browser. >> >> *WebView application risks* >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> *No information provided* >> >> >> *Debuggability* >> No special support; this is an API debuggable via devtools like any >> other. >> >> *Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)?* >> Yes >> >> *Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* >> Yes >> >> https://wpt.fyi/results/html/browsers/origin/?label=master&label=experimental&aligned >> >> *Flag name on about://flags* >> *No information provided* >> >> *Finch feature name* >> OriginAPI >> >> *Rollout plan* >> Will ship enabled for all users >> >> *Requires code in //chrome?* >> False >> >> *Tracking bug* >> https://issues.chromium.org/issues/434131026 >> >> *Estimated milestones* >> Shipping on desktop 144 >> Shipping on Android 144 >> Shipping on WebView 144 >> >> *Anticipated spec changes* >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> *No information provided* >> >> *Link to entry on the Chrome Platform Status* >> https://chromestatus.com/feature/5095541277065216?gate=6604674545352704 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com>. >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/691dd83d.050a0220.2a427a.045f.GAE%40google.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/691dd83d.050a0220.2a427a.045f.GAE%40google.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/4818ba16-efe4-45ce-ad90-e027b62bbce8%40gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/4818ba16-efe4-45ce-ad90-e027b62bbce8%40gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/4c59a352-90b7-497d-a231-8cf597d09f74n%40chromium.org.
