On Fri, Aug 21, 2020 at 2:41 AM Ryosuke Niwa <rn...@webkit.org> wrote:
> I feel like I saw some discussions of also differentiating based on
> protocol (treating http://webkit.org and https://webkit.org
> differently). Do you know you've already had such a discussion and if
> so what the outcome of that discussion was?

The scheme is already part of an origin so that is definitely a
boundary for this feature. However, I guess you're asking about the
"normal" website security boundary, which is site (roughly scheme +
registrable domain, exact definition in HTML). Site historically
lacked scheme, but that was changed. There are still some features
(primarily cookies) that compare sites and ignore the scheme (this
operation is also defined in HTML), but those too have proposals to
move away from that.
webkit-dev mailing list

Reply via email to