From 93ef2db9f29202c4e5579aad26bb48f9e2616673 Mon Sep 17 00:00:00 2001
From: Domenic Denicola <d@domenic.me>
Date: Thu, 11 Jun 2020 14:47:01 -0400
Subject: [PATCH] Add window.originIsolated

---
 source | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/source b/source
index f22b0443bec..a68f3c0fe7c 100644
--- a/source
+++ b/source
@@ -77889,6 +77889,7 @@ interface <dfn data-export="" data-dfn-type="interface">Window</dfn> : <span>Eve
   // the user agent
   readonly attribute <span>Navigator</span> <span data-x="dom-navigator">navigator</span>; <!-- IE also has window.clientInformation === window.navigator -->
   [SecureContext] readonly attribute <span>ApplicationCache</span> <span data-x="dom-applicationCache">applicationCache</span>;
+  readonly attribute boolean <span data-x="dom-originIsolated">originIsolated</span>;
 
   // user prompts
   void <span data-x="dom-alert">alert</span>();
@@ -79627,6 +79628,27 @@ interface <dfn>BarProp</dfn> {
 
   <h4>Origin isolation</h4>
 
+  <dl class="domintro">
+   <dt><var>originIsolated</var> = window . <code subdfn data-x="dom-originIsolated">originIsolated</code></dt>
+
+   <dd>
+    <p>Returns true if this <code>Window</code>'s <span>agent cluster key</span> is its
+    <span>origin</span>, instead of the <span data-x="obtain a site">corresponding
+    site</span>.</p>
+
+    <p>This can be false, even if the `<code data-x="http-origin-isolation">Origin-Isolation</code>`
+    HTTP response header was sent, if a non-origin-isolated same-origin <code>Window</code> was
+    previously seen in the <code>Window</code>'s <span>browsing context group</span>.</p>
+
+    <p>This can be true, even if the `<code data-x="http-origin-isolation">Origin-Isolation</code>`
+    HTTP response header was not sent, if an origin-isolated same-origin <code>Window</code> was
+    previously seen in the <code>Window</code>'s <span>browsing context group</span>. Additionally,
+    some windows (e.g. those created from resources with an <span
+    data-x="concept-origin-opaque">opaque origin</span>) are always origin-isolated, and for them
+    this getter will always return true.</p>
+   </dd>
+  </dl>
+
   <p>A <code>Document</code> delivered over a <span data-x="Is environment settings object a secure
   context?">secure context</span> can opt in to origin isolation, by using the `<code
   data-x="http-origin-isolation">Origin-Isolation</code>` HTTP response header. This header is a
@@ -79652,6 +79674,29 @@ interface <dfn>BarProp</dfn> {
   cluster">agent clusters</span>, even if one sends the header and the other doesn't. This is
   prevented by means of the <span>historical agent cluster key map</span>.</p>
 
+  <p class="note"><code>Document</code>s for which <span>obtain a site</span> returns an
+  <span>origin</span> can be considered unconditionally origin isolated; for them, the header has no
+  effect.</p>
+
+  <hr>
+
+  <p>The <dfn><code data-x="dom-originIsolated">originIsolated</code></dfn> getter steps are:</p>
+
+  <ol>
+   <li><p>Let <var>browsingContext</var> be <span>this</span>'s <span data-x="window bc">browsing
+   context</span>.</p></li>
+
+   <li><p>If <var>browsingContext</var> is null, then return false.</p></li>
+
+   <li><p>Let <var>origin</var> be <span>this</span>'s <span
+   data-x="concept-document-window">associated <code>Document</code></span>'s
+   <span>origin</span>.</p></li>
+
+   <li><p>If <var>browsingContext</var>'s <span data-x="tlbc group">group</span>'s <span>historical
+   agent cluster key map</span>[<var>origin</var>] is <var>origin</var>, then return true.</p>
+
+   <li><p>Return false.</p></li>
+  </ol>
 
 
   <h3>Sandboxing</h3>