This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The definition of origin attribute in Web Messaging specification Editor's Draft from January 18, 2012 says at http://dev.w3.org/html5/postmsg/#dom-messageevent-origin > It represents, in server-sent events and cross-document > messaging, the origin of the document that sent the > message (typically the scheme, hostname, and port of > the document, but not its path or fragment identifier). From this I suspect that the scheme could be anything: http, https, mailto, irc, etc. In the context a script I was wondering if iframe.contentWindow.postMessage('message','http://dev.opera.com') could be rewritten iframe.contentWindow.postMessage('message','//dev.opera.com') allowing Web sites to work with or without https without having to rewrite the code. If this is authorized maybe, the paragraph could be modified with It represents, in server-sent events and cross-document messaging, the origin of the document that sent the message (typically the scheme null string included, hostname, and port of the document, but not its path or fragment identifier). Some examples of valid origin values http://foo.example.com https://foo.example.com //foo.example.com
The scheme can't be omitted. However, if you want "allow the same origin as myself", there's a special value for that, "/".
(In reply to comment #1) > The scheme can't be omitted. However, if you want "allow the same origin as > myself", there's a special value for that, "/". Ah thanks. This could be put in the specification too. Though that doesn't solve the use case I was mentioning. Hmmm too bad, I guess. Thanks Simon.
This bug was cloned to create bug 17823 as part of operation convergence.
*** This bug has been marked as a duplicate of bug 17823 ***