Bug 15994 - origin attribute
Summary: origin attribute
Status: RESOLVED DUPLICATE of bug 17823
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: Web Messaging (editor: Ian Hickson) (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Ian 'Hixie' Hickson
QA Contact: public-webapps-bugzilla
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-15 19:26 UTC by Karl Dubost
Modified: 2012-10-12 18:11 UTC (History)
7 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karl Dubost 2012-02-15 19:26:39 UTC
The definition of origin attribute in Web Messaging specification Editor's Draft from January 18, 2012 says at
http://dev.w3.org/html5/postmsg/#dom-messageevent-origin


> It represents, in server-sent events and cross-document 
> messaging, the origin of the document that sent the 
> message (typically the scheme, hostname, and port of 
> the document, but not its path or fragment identifier).

From this I suspect that the scheme could be anything: http, https, mailto, irc, etc. In the context a script I was wondering if 
 
    iframe.contentWindow.postMessage('message','http://dev.opera.com')

could be rewritten

    iframe.contentWindow.postMessage('message','//dev.opera.com')

allowing Web sites to work with or without https without having to rewrite the code. If this is authorized maybe, the paragraph could be modified with 

    It represents, in server-sent events and cross-document 
    messaging, the origin of the document that sent the 
    message (typically the scheme null string included, 
    hostname, and port of the document, but not its path or 
    fragment identifier). 

    Some examples of valid origin values

    http://foo.example.com
    https://foo.example.com
    //foo.example.com
Comment 1 Simon Pieters 2012-02-15 19:39:58 UTC
The scheme can't be omitted. However, if you want "allow the same origin as myself", there's a special value for that, "/".
Comment 2 Karl Dubost 2012-02-15 20:04:17 UTC
(In reply to comment #1)
> The scheme can't be omitted. However, if you want "allow the same origin as
> myself", there's a special value for that, "/".

Ah thanks. This could be put in the specification too. 
Though that doesn't solve the use case I was mentioning. Hmmm too bad, I guess.
Thanks Simon.
Comment 3 contributor 2012-07-18 06:55:33 UTC
This bug was cloned to create bug 17823 as part of operation convergence.
Comment 4 Ian 'Hixie' Hickson 2012-10-12 18:11:23 UTC

*** This bug has been marked as a duplicate of bug 17823 ***