On Fri, Aug 21, 2020 at 2:41 AM Ryosuke Niwa <rn...@webkit.org> wrote: > I feel like I saw some discussions of also differentiating based on > protocol (treating http://webkit.org and https://webkit.org > differently). Do you know you've already had such a discussion and if > so what the outcome of that discussion was?
The scheme is already part of an origin so that is definitely a boundary for this feature. However, I guess you're asking about the "normal" website security boundary, which is site (roughly scheme + registrable domain, exact definition in HTML). Site historically lacked scheme, but that was changed. There are still some features (primarily cookies) that compare sites and ignore the scheme (this operation is also defined in HTML), but those too have proposals to move away from that. _______________________________________________ webkit-dev mailing list firstname.lastname@example.org https://lists.webkit.org/mailman/listinfo/webkit-dev