From 31b264a56253e7b047d1cc6a02a4c6337dd6cff5 Mon Sep 17 00:00:00 2001 From: Shivani Sharma Date: Fri, 5 Jun 2020 11:43:53 -0400 Subject: [PATCH] Redo top-level origin and add top-level creation URL An environment's top-level origin is null during the initial top-level navigation (before the response arrives) and otherwise represents the origin of the top-level document. It is currently implementation-defined for non-dedicated workers, but hopefully that can be sorted soon. An environment's top-level creation URL is the URL of the top-level document. It is null for workers as they do not need the concept. Needed for https://github.com/whatwg/fetch/pull/943 and #5558. Co-authored-by: Anne van Kesteren --- source | 310 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 188 insertions(+), 122 deletions(-) diff --git a/source b/source index 0554a980c6a..a12423f2a10 100644 --- a/source +++ b/source @@ -76555,13 +76555,17 @@ popup4.close(); +

  • Let topLevelCreationURL be about:blank if embedder is + null; otherwise embedder's relevant settings object's top-level + creation URL.

    • +

  • Let topLevelOrigin be origin if embedder is null; otherwise embedder's relevant settings object's top-level origin.

  • Let settingsObject be the result of setting up a window environment settings object given realm - execution context and topLevelOrigin.

    • + settings object">setting up a window environment settings object with realm execution + context, null, topLevelCreationURL, and topLevelOrigin.

  • Let document be a new Document, marked as an HTML document in quirks mode, whose BarProp {

    Script settings for Window objects

    -

    When the user agent is required to set up a window environment settings object, - given a JavaScript execution context execution context, a - top-level origin top-level origin, and an optional - environment reserved environment, it must run the following steps:

    +

    To set up a window environment settings object, given a JavaScript execution + context execution context, null or an environment + reservedEnvironment, a URL topLevelCreationURL, and an + origin topLevelOrigin, run these steps:

    1. Let realm be the value of execution context's Realm @@ -78688,11 +78692,6 @@ interface BarProp { data-x="concept-document-window">associated Document.

      -
      The top-level origin
      -
      -

      Return top-level origin.

      -
      -
      The HTTPS state

      Return the HTTPS state of @@ -78720,23 +78719,20 @@ interface BarProp {

    2. -

      If reserved environment is given, then:

      +

      If reservedEnvironment is non-null, then:

      1. Set settings object's id to - reserved environment's id, - settings object's creation - URL to reserved environment's creation URL, settings object's - target browsing context to - reserved environment's reservedEnvironment's id, settings + object's target browsing + context to reservedEnvironment's target browsing context, and settings object's active - service worker to reserved environment's to reservedEnvironment's active service worker.

      2. -

        Set reserved environment's id to +

        Set reservedEnvironment's id to the empty string.

        The identity of the reserved environment is considered to be fully @@ -78749,11 +78745,14 @@ interface BarProp {

      3. Otherwise, set settings object's id to a new unique opaque string, settings - object's creation URL to - url, settings object's target browsing context to null, and - settings object's active - service worker to null.

        4. + object's target browsing + context to null, and settings object's active service worker to null.

        + +

      4. Set settings object's creation + URL to url, settings object's top-level creation URL to + topLevelCreationURL, and settings object's top-level origin to + topLevelOrigin.

      5. Set realm's [[HostDefined]] field to settings object.

        6. @@ -81660,8 +81659,8 @@ interface Location { // but see also response

        Run process a navigate response with null, resource, navigationType, the source browsing context, - browsingContext, sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin.

        + browsingContext, sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and null.

        If resource is a request whose url's scheme @@ -81679,7 +81678,7 @@ interface Location { // but see also So for example a -

      6. If reservedEnvironment is null, then set reservedEnvironment to a - new environment whose id is a - unique opaque string and target browsing context is - browsingContext.

        7. -
      7. -

        Set reservedEnvironment's creation URL to currentURL.

        +

        If reservedEnvironment is null, then:

        + +
          +

        1. Let topLevelCreationURL be currentURL.

          2. + +

        2. Let topLevelOrigin be null.

          3. + +
        3. +

          If browsingContext is not a top-level browsing context, then:

          + +
            +

          1. Let parentEnvironment be browsingContext's container's relevant settings object.

            2. + +

          2. Set topLevelCreationURL to parentEnvironment's top-level + creation URL and topLevelOrigin to parentEnvironment's + top-level origin.

            3. +
          +
          4. -

          The created environment's active service worker is set in the - Handle Fetch algorithm during the fetch if - the request URL matches a service worker registration.

          +
        4. +

          Set reservedEnvironment to a new environment whose id is a unique opaque string, target browsing context is + browsingContext, creation + URL is currentURL, top-level creation URL is + topLevelCreationURL, and top-level origin is + topLevelOrigin.

          + +

          The created environment's active service worker is set in + the Handle Fetch algorithm during the fetch + if the request URL matches a service worker registration.

          +
          5. +

      8. Set request's reserved @@ -81947,7 +81968,7 @@ interface Location { // but see also browsing contexts source and browsingContext, a sandboxing flag set sandboxFlags, two origins incumbentNavigationOrigin and - activeDocumentNavigationOrigin, and an optional environment + activeDocumentNavigationOrigin, and null or an environment reservedEnvironment, run these steps:

          @@ -82002,15 +82023,17 @@ interface Location { // but see also HTML document section providing browsingContext, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return. + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.
          an XML MIME type that is not an explicitly supported XML MIME type
          Follow the steps given in the XML document section providing browsingContext, type, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return.
          + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.
          a JavaScript MIME type
          a JSON MIME type that is not an explicitly supported JSON MIME @@ -82021,28 +82044,32 @@ interface Location { // but see also text/vtt"
          Follow the steps given in the plain text file section providing browsingContext, type, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return.
          + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.
          "multipart/x-mixed-replace"
          Follow the steps given in the multipart/x-mixed-replace section providing browsingContext, type, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return.
          + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.
          A supported image, video, or audio type
          Follow the steps given in the media section providing browsingContext, type, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return.
          + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.
          A type that will use an external application to render the content in browsingContext
          Follow the steps given in the plugin section providing browsingContext, type, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. Once the steps have completed, return.
          + sandboxFlags, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, and reservedEnvironment. Once the steps + have completed, return.

          An explicitly supported XML MIME type is an XML MIME type for which @@ -82215,7 +82242,7 @@ interface Location { // but see also response response, a browsing context browsingContext, a sandboxing flag set sandboxFlags, two origins - incumbentNavigationOrigin, activeDocumentNavigationOrigin, and an optional + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and null or an environment reservedEnvironment:

            @@ -82246,6 +82273,12 @@ interface Location { // but see also URL.

            + +

          1. If request is non-null, then set creationURL to request's + current URL.

            2. +

          2. If browsingContext's only entry in its session history is the initial about:blank Document that was added when browsingContext was created, and @@ -82274,14 +82307,28 @@ interface Location { // but see also container's relevant settings object.

            3. + +

          3. Set topLevelCreationURL to parentEnvironment's top-level + creation URL.

            4. + +

          4. Set topLevelOrigin to parentEnvironment's top-level + origin.

            5. +
          +

        1. Set up a window environment settings object with realm execution - context, topLevelOrigin, and reservedEnvironment, if - present.

          2. + context, reservedEnvironment, topLevelCreationURL, and + topLevelOrigin.

        9. @@ -82292,12 +82339,8 @@ interface Location { // but see also

        If request is non-null, then set - document's URL to request's - current URL.

        - -

      9. Otherwise, set document's URL to - response's URL.

        10. +

      10. Set document's URL to creationURL.

      11. Set document's HTTPS state to the HTTPS state of @@ -82493,18 +82536,19 @@ new PaymentRequest(…); // Allowed to use

        Page load processing model for HTML files

        -

        When an HTML document is to be loaded in a browsing - context, provided browsingContext, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin, the user agent must queue a task on the - networking task source to:

        +

        When an HTML document is to be loaded, given a + browsingContext, request, response, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment, the user agent must queue a task on the networking task + source to:

        1. Let document be the result of creating and initializing a Document object providing "html", "text/html", request, response, browsingContext, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin.

          2. + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment.

        2. Create an HTML parser and associate it with the document. Each @@ -82539,14 +82583,15 @@ new PaymentRequest(…); // Allowed to use

          When faced with displaying an XML file inline, provided browsingContext, request, response, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin, user agents - must follow the requirements defined in XML and Namespaces in XML, - XML Media Types, DOM, and other relevant specifications to create and initialize a Document object - providing "xml", type, request, response, - browsingContext, sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin. It must also create and a corresponding XML - parser.

          + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment, user agents must follow the requirements defined in XML and + Namespaces in XML, XML Media Types, DOM, and other relevant + specifications to create and initialize a + Document object providing "xml", type, + request, response, browsingContext, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment. It must also create and a corresponding XML parser.

          At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.

          @@ -82590,17 +82635,19 @@ new PaymentRequest(…); // Allowed to use

          Page load processing model for text files

          -

          When a plain text document is to be loaded in a browsing context, provided - browsingContext, request, response, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user - agent must queue a task on the networking task source to: +

          When a plain text document is to be loaded, provided a browsingContext, + request, response, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment, the user agent must queue a task on the networking task + source to:

          1. Let document be the result of creating and initialize a Document object providing "html", type, request, response, browsingContext, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin.

            2. + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment.

          2. Create an HTML parser and associate it with the document. Act as if the tokenizer had emitted a start tag token with the tag name "pre" followed by a single @@ -82667,17 +82714,18 @@ new PaymentRequest(…); // Allowed to use

            Page load processing model for media

            -

            When an image, video, or audio resource is to be loaded in a browsing context, - provided browsingContext, request, response, - sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin, the user agent should: +

            When an image, video, or audio resource is to be loaded, provided a browsingContext, + request, response, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment, the user agent should:

            1. Let document be the result of creating and initialize a Document object providing "html", type, request, response, browsingContext, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin.

              2. + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment.

            2. Append an html element to document.

              3. @@ -82733,17 +82781,18 @@ new PaymentRequest(…); // Allowed to use

              Page load processing model for content that uses plugins

              -

              When a resource that requires an external resource to be rendered is to be loaded in a - browsing context, provided browsingContext, request, - response, sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin, the user agent should: +

              When a resource that requires an external resource to be rendered is to be loaded, provided a + browsingContext, request, response, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment, the user agent should:

              1. Let document be the result of creating and initialize a Document object providing "html", type, request, response, browsingContext, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin.

                2. + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + environment.

              2. Mark document as being a plugin document

                3. @@ -82788,13 +82837,13 @@ new PaymentRequest(…); // Allowed to use

                Page load processing model for inline content that doesn't have a DOM

                -

                When the user agent is to display a user agent page inline in a browsing context, - the user agent should create and initialize a - Document object providing "html", "text/html", null, null, browsingContext, an empty set, null, and null, - and then either associate that Document with a custom rendering that is not rendered - using the normal Document rendering rules, or mutate that Document until - it represents the content the user agent wants to render.

                +

                When the user agent is to display a user agent page inline, the user agent should create and initialize a Document object + providing "html", "text/html", null, null, + browsingContext, an empty set, null, null, and null, and then either associate that + Document with a custom rendering that is not rendered using the normal + Document rendering rules, or mutate that Document until it represents + the content the user agent wants to render.

                @@ -86150,12 +86199,12 @@ interface ApplicationCache : EventTarget {
                An id
                -

                An opaque string that uniquely identifies the environment.

                +

                An opaque string that uniquely identifies this environment.

                A creation URL
                -

                A URL record that represents the location of the resource with which the +

                A URL that represents the location of the resource with which this environment is associated.

                In the case of an environment settings object, this URL might be @@ -86164,6 +86213,27 @@ interface ApplicationCache : EventTarget { history.pushState().

                +
                A top-level creation URL
                +

                Null or a URL that represents the creation URL of the "top-level" + environment. It is null for workers and worklets.

                + +
                A top-level origin
                +
                +

                A for now implementation-defined value, null, + or an origin. For a "top-level" potential execution environment it is null (i.e., + when there is no response yet); otherwise it is the "top-level" environment's origin. For a dedicated worker or worklet it is + the top-level origin of its creator. For a shared or service worker it is an + implementation-defined value.

                + +

                This is distinct from the top-level creation URL's origin when sandboxing, workers, and worklets are + involved.

                +
                +
                A target browsing context

                Null or a target browsing context for a ApplicationCache : EventTarget {

                An origin used in security checks.

                -
                A top-level origin
                - -
                -

                The origin of the top-level browsing context at the time - this settings object was set up.

                -
                -
                An HTTPS state

                An HTTPS state value representing the security properties of the network @@ -98396,16 +98459,6 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope { origin otherwise.

                -
                The top-level origin
                -
                -

                Return outside settings's top-level origin for a dedicated - worker.

                - -

                For shared and service workers this is still undefined and is being worked on, - since such workers could be associated with multiple top-level browsing contexts.

                -
                -
                The HTTPS state

                Return worker global scope's SharedWorkerGlobalScope : WorkerGlobalScope {

              3. Set settings object's id to a new unique opaque string, settings object's creation URL to worker global - scope's url, settings object's 's url, settings object's top-level creation URL + to null, settings object's target browsing context to null, and settings object's active service worker to null.

                4. +

              4. If worker global scope is a DedicatedWorkerGlobalScope object, + then set settings object's top-level origin to outside + settings's top-level origin.

                5. + +
              5. +

                Otherwise, set settings object's top-level origin to an + implementation-defined value.

                + +

                See Client-Side + Storage Partitioning for the latest on properly defining this.

                +
                6. +

              6. Set realm's [[HostDefined]] field to settings object.

              7. Return settings object.