From 8f44aea4836236380ac2d4207415a119f98850f0 Mon Sep 17 00:00:00 2001
From: Domenic Denicola
Date: Wed, 5 May 2021 19:19:17 -0400
Subject: [PATCH 1/3] Remove image/media origins and check origin-cleanness
directly
That is, check the type of response directly, instead of synthesizing an opaque origin for opaque responses and then comparing that to the entry settings object's origin.
This helps with #1431 by removing various uses of the entry concept, and closes #2761 by removing the origin concept for image and media elements entirely, since it is now unused.
---
source | 71 +++++++++-------------------------------------------------
1 file changed, 11 insertions(+), 60 deletions(-)
diff --git a/source b/source
index 82d29604dcc..db463b7bddd 100644
--- a/source
+++ b/source
@@ -28376,7 +28376,7 @@ was an English <a href="/wiki/Music_hall">music hall</a> singer, ...The resource obtained in this fashion, if any, is image request's image data. It can be either CORS-same-origin or
- CORS-cross-origin; this affects the origin of the image itself (e.g.
+ CORS-cross-origin; this affects the image's interaction with other APIs (e.g.
when used on a canvas
).
@@ -29123,8 +29123,8 @@ was an English <a href="/wiki/Music_hall">music hall</a> singer, ...Otherwise, response's unsafe response is image
request's image data. It can be either
- CORS-same-origin or CORS-cross-origin; this affects the
- origin of the image itself (e.g., when used on a canvas
).
+ CORS-same-origin or CORS-cross-origin; this affects the image's
+ interaction with other APIs (e.g. when used on a canvas
).
@@ -63118,16 +63118,18 @@ try {
object's bitmap image data must be used as the source image.
An object image is not
- origin-clean if, switching on image:
+ origin-clean if, switching on image's type:
HTMLOrSVGImageElement
+ image's current request's image
+ data is CORS-cross-origin.
+
HTMLVideoElement
- image's origin is not same origin with entry
- settings object's origin.
+ image's media data is CORS-cross-origin.
HTMLCanvasElement
- ImageBitMap
+ ImageBitmap
image's bitmap's origin-clean
flag is false.
@@ -81138,53 +81140,6 @@ interface BarProp {
-
Various specification objects are defined to have an origin. These origins are determined as follows:
-
-
- - For images of
img
elements
-
- -
-
-
- - If the image data is CORS-cross-origin
-
- A unique opaque origin assigned when the
- image is created.
-
-
- - If the image data is CORS-same-origin
-
- The img
element's node document's origin.
-
-
-
-
- - For
audio
and video
elements
-
- -
-
-
- - If the media data is CORS-cross-origin
-
- A unique opaque origin assigned when the
- media data is fetched.
-
-
- - If the media data is CORS-same-origin
-
- The media element's node document's origin.
-
-
-
-
-
Other specifications can override the above definitions by themselves specifying the origin of
- a particular image or media element.
-
-
-
The serialization of an origin is the string obtained
by applying the following algorithm to the given origin origin:
@@ -96022,9 +95977,7 @@ dictionary
ImageBitmapOptions {
is not supported or is disabled), or, if there is no such image, the first frame of the
animation.
-
If the origin of image's image is not same origin
- with entry settings object's origin, then set the If image is not origin-clean, then set the origin-clean flag of imageBitmap's
bitmap to false.
@@ -96053,9 +96006,7 @@ dictionary
ImageBitmapOptions {
after any aspect-ratio correction has been applied),
cropped to the source rectangle
with formatting.
-
If the origin of image's video is not same origin
- with entry settings object's origin, then set the If image is not origin-clean, then set the origin-clean flag of imageBitmap's
bitmap to false.
From 87fb63f282a7a8fd36a94198fe49c5eb7ccf3c9d Mon Sep 17 00:00:00 2001
From: Domenic Denicola
Date: Wed, 5 May 2021 19:25:59 -0400
Subject: [PATCH 2/3] Tweak dev edition a bit
---
source | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/source b/source
index db463b7bddd..6cbc4a04464 100644
--- a/source
+++ b/source
@@ -81125,6 +81125,8 @@ interface BarProp {
data-x="concept-origin-tuple">tuple origin can be changed, and only through the document.domain
API.
+
+
The effective domain of an
origin origin is computed as follows:
@@ -81138,8 +81140,6 @@ interface
BarProp {
Return origin's host.
-
-
The serialization of an origin is the string obtained
by applying the following algorithm to the given origin origin:
@@ -81164,10 +81164,14 @@ interface
BarProp {
Return result.
+
+
The serialization of ("https
", "xn--maraa-rta.example
", null, null) is "https://xn--maraa-rta.example
".
+
+
There used to also be a
Unicode serialization of an origin. However, it was never widely adopted.
@@ -81212,6 +81216,8 @@ interface
BarProp {
Return false.
+
+
@@ -81261,6 +81267,8 @@ interface BarProp {
A site is an opaque origin or a
scheme-and-host.
+
+
To obtain a site, given an origin origin, run these steps:
@@ -81316,6 +81324,8 @@ interface BarProp {
scheme
+
+
Unlike the same origin and same origin-domain concepts,
for schemelessly same site and same site, the port and domain
@@ -81383,8 +81393,6 @@ interface BarProp {
data-x="concept-origin-domain">domain components since they are not considered.)
-
-
Relaxing the same-origin restriction
From 3a061d29b139a5ac22c8b16d701b1ed835bdd40a Mon Sep 17 00:00:00 2001
From: Domenic Denicola
Date: Thu, 6 May 2021 11:55:13 -0400
Subject: [PATCH 3/3] Commas after e.g.
---
source | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source b/source
index 6cbc4a04464..064ece0a338 100644
--- a/source
+++ b/source
@@ -28376,7 +28376,7 @@ was an English <a href="/wiki/Music_hall">music hall</a> singer, ...The resource obtained in this fashion, if any, is image request's image data. It can be either CORS-same-origin or
- CORS-cross-origin; this affects the image's interaction with other APIs (e.g.
+ CORS-cross-origin; this affects the image's interaction with other APIs (e.g.,
when used on a canvas
).
@@ -29124,7 +29124,7 @@ was an English <a href="/wiki/Music_hall">music hall</a> singer, ...Otherwise, response's unsafe response is image
request's image data. It can be either
CORS-same-origin or CORS-cross-origin; this affects the image's
- interaction with other APIs (e.g. when used on a canvas
).
+ interaction with other APIs (e.g., when used on a canvas
).