On Thu, Oct 15, 2009 at 12:16 PM, Michael Nordman <micha...@google.com>wrote:
>
>
> On Thu, Oct 15, 2009 at 11:45 AM, Jeremy Orlow <jor...@chromium.org>wrote:
>
>> On Thu, Oct 15, 2009 at 11:33 AM, Michael Nordman <micha...@google.com>wrote:
>>
>>>
>>>
>>> On Wed, Oct 14, 2009 at 4:42 PM, Darin Fisher <da...@chromium.org>wrote:
>>>
>>>> On Wed, Oct 14, 2009 at 3:50 PM, Adam Barth <aba...@chromium.org>wrote:
>>>>
>>>>> On Wed, Oct 14, 2009 at 2:48 PM, Michael Nordman <micha...@google.com>
>>>>> wrote:
>>>>> > As mentioned f2f, this falls apart as soon as Chrome tries to
>>>>> manufacture a
>>>>> > security origin. I'm not sure, may already have instances of that in
>>>>> the
>>>>> > code base for all I know.
>>>>>
>>>>> I'm not sure Chrome is smart enough to manufacture a SecurityOrigin.
>>>>> There's a lot of tricky work in the canonicalization that we don't
>>>>> want to duplicate.
>>>>>
>>>>> Adam
>>>>>
>>>>
>>>>
>>>> Agreed, and we shouldn't be in that business. I think for all our use
>>>> cases, the
>>>> factory for security origins can be WebCore.
>>>>
>>>> Chrome just needs to be able to serialize / de-serialize a security
>>>> origin, compare
>>>> them, and possibly access some component parts (though I'm not certain
>>>> of this
>>>> requirement).
>>>>
>>>
>>> I think i have use cases for creating an 'origin' based on a GURL.
>>>
>>
>> We've talked through these repeatedly and I think we've made good cases
>> against them. WebCore canonicalizes security origins. At the moment, we
>> never create "security origins" in Chrome.
>>
>
> I wasn't implying that webcore's origin code wasn't doing the work, just
> mentioning the use case of determining an origin based on a url. Something
> like this could work.
>
> // Returns the security origin associated with the given url.
> (Web)SecurityOrigin (Web)SecurityOrigin::fromURL((Web)URL &url);
>
>
>> You've given some examples of where we _might_ (read: this is vaporware)
>> do this in the future. For all the use cases I've seen so far, I would
>> actually propose adding a canonicalizeSecurityOrigin() method to
>> WebSecurityOrigin that would create a WebCore::SecurityOrigin and then
>> immediately toString() it.
>>
>
>> What other use cases are there? With each one, please make clear whether
>> it's something we need today or whether it's something you suspect we'll
>> need in the future...because I think most if not all of them are in this
>> second bucket. And I don't want us to code ourselves into a corner, but I
>> also don't want us to write a bunch of dead code that may be used in the
>> future.
>>
>
> The use case is tracking usage per-origin in the appcache code. This isn't
> a hypothetical thing.
>
And also restricting access to resources based on origins, also not a
hypothetical thing.
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
