Consider removing `document.origin`

[mikewest]

We have self.origin in HTML, present inside workers and documents. It seems redundant and confusing to suggest that there's a different origin for documents than for the global object they host. Perhaps we can simply remove this in favor of the property on the global?

@bzbarsky seems to be on board with this notion. @cdumez, WDYT?

Edge hasn't implemented this yet, but perhaps @travisleithead has an opinion from a TAG/platformey perspective?

[cdumez]

WebKit does not currently support self.origin but we will likely implement it in the future. Once we support self.origin, we can start deprecating document.origin in WebKit but I suspect it is going to be a while until we actually remove it (if ever, depending on how much it beaks existing content). That said, I do not have an objection if people want to drop document.origin from the spec, I just think it is a bit early given that self.origin is not well deployed yet.

Here are a few things that are not mentioned on this issue that would help decide:

1. Who currently supports document.origin? I seem to remember it is only Blink and WebKit but someone should confirm.
2. Who already ships self.origin? I suspect no one yet even though it is implemented in Firefox nightly iirc.

[bzbarsky]

Correct on both counts, as far as I know: document.origin is only in Blink and WebKit, but not interoperable between the two in shipped versions. self.origin is only in Firefox nightlies so far.

[mikewest]

I just think it is a bit early given that self.origin is not well deployed yet.

I think we're just looking for feedback from other vendors at this point. If you're on board with the idea of migrating to self.origin, and can commit to the (hopefully minimal) work necessary to implement it at some point in the future, and send a console warning or something when you do, then I'm pretty sure we'll do the same in Blink. We're arguing about the impact of this a bit in https://groups.google.com/a/chromium.org/d/msg/blink-dev/CO52Bt15cuc/ya6u_devCQAJ if you'd like to skim through and add your thoughts.

To your questions:

1. Only Blink and WebKit (and, really, only WebKit nightly after your recent fix: you could, for instance, drop that entirely rather than keeping the broken implementation, right?)

2. Firefox nightly is it. We'll have a patch for Blink tomorrowish, but it won't hit stable for a few weeks.

[cdumez]

Sure, I can commit to implementing self.origin in WebKit in the relatively short-term, given that other browsers are already implementing it and I like the idea.

I also do not object to dropping document.origin from the spec given that this is a Blink/WebKit thing only and there is a better alternative available.

[domenic]

As predicted the use counter in Blink is around ~0.09%: https://www.chromestatus.com/metrics/feature/timeline/popularity/1828 But we have no idea how much of that is just enumeration of the document's properties.

@mikewest, what's our next move?

[cdumez]

If we remove document.origin, am I right that developers will have no way of setting the document's origin via JS? I believe self.origin is readonly while document.origin is not.

[bzbarsky]

document.origin is readonly. See https://dom.spec.whatwg.org/#document

Maybe you were thinking about document.domain, which is a totally different thing?

[mikewest]

Yeah. The numbers are higher than I'd hoped. I think there's a reasonable argument to be made that until Safari's change actually hits users (with Safari 11, I imagine?), that these pages are actually broken. @cdumez, it looks like self.origin is in ToT (https://github.com/WebKit/webkit/blob/39765fd9f55c0268bef9d887fc8b8cb0edf5f64b/Source/WebCore/page/WindowOrWorkerGlobalScope.idl#L31); do you happen to know if it landed in time to make the cut for Safari 11?

If so, then it seems reasonable to try for deprecation.

[cdumez]

Oh I was thinking of document.domain, sorry.

[cdumez]

Self.origin is in Safari 11, yes.

[dstorey]

Is there any update here? We (Edge) have to decide if we're going to implement this or not. We're currently working on the other missing features.

[annevk]

I think we would have liked that, but judging from the spike to 0.75% in https://www.chromestatus.com/metrics/feature/timeline/popularity/1828 it seems like it might be way too late.

Given #410 (comment) we probably need to add some more tests for document.origin to ensure that it at least becomes interoperable.

[bzbarsky]

What do the uses look like? If it's document.origin || self.origin that could explain a spike while also allowing removal... The fact that Edge and Gecko don't implement and it hasn't been an obvious compat problem makes me a bit wary of assuming things about the data here.

[travisleithead]

Chatted with @dstorey and we think we can help the situation out by not implementing document.origin and instead getting self.origin implemented in an upcoming release. We're not seeing the compat pain (yet?) for document.origin, so we can try to hold-out as long as possible on that front.