From 1e17081d377a47c323144c023bfcf22b098c4f43 Mon Sep 17 00:00:00 2001
From: Ben Kelly <wanderview@chromium.org>
Date: Thu, 27 Oct 2022 20:40:54 +0000
Subject: [PATCH] Move origin into policy container. (#8302)

This change also depends on https://github.com/whatwg/dom/pull/1142.
---
 source | 116 +++++++++++++++++++++++++++++----------------------------
 1 file changed, 60 insertions(+), 56 deletions(-)

diff --git a/source b/source
index 3c852cd4204..7450b1aa808 100644
--- a/source
+++ b/source
@@ -10034,9 +10034,10 @@ o.myself = o;</code></pre>
 
   <p>The <code>Document</code> object's <dfn data-x="concept-document-origin"
   data-x-href="https://dom.spec.whatwg.org/#concept-document-origin"
-  data-x-for="Document">origin</dfn> is defined in <cite>DOM</cite>. It is initially set when the
-  <code>Document</code> object is created, and can change during the lifetime of the
-  <code>Document</code> only upon setting <code
+  data-x-for="Document">origin</dfn> is defined in <cite>DOM</cite>. It currently aliases the
+  value of its <span data-x="concept-document-policy-container">policy container</span>'s
+  <span data-x=policy-container-origin>origin</span>. This origin can change during the lifetime
+  of the <code>Document</code> upon setting <code
   data-x="dom-document-domain">document.domain</code>. A <code>Document</code>'s <span
   data-x="concept-document-origin">origin</span> can differ from the <span
   data-x="concept-url-origin">origin</span> of its <span data-x="concept-document-url">URL</span>;
@@ -83457,6 +83458,10 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
   <!-- Note: each item has to define a default value for creating a new policy container. -->
 
   <ul>
+   <li><p>An <dfn export for="policy container" data-x="policy-container-origin">origin</dfn>,
+   which is an <span>origin</span>.  It is initially an <span
+   data-x="concept-origin-opaque">opaque origin</span>.</p></li>
+
    <li><p>A <dfn export for="policy container" data-x="policy-container-csp-list">CSP list</dfn>,
    which is a <span data-x="concept-csp-list">CSP list</span>. It is initially empty.</p></li>
 
@@ -83477,6 +83482,9 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
   <ol>
    <li><p>Let <var>clone</var> be a new <span>policy container</span>.</p></li>
 
+   <li><p>Set <var>clone</var>'s <span data-x="policy-container-origin">origin</span> to
+   <var>policyContainer</var>'s <span data-x="policy-container-origin">origin</span>.</p></li>
+
    <li><p><span data-x="list iterate">For each</span> <var>policy</var> in
    <var>policyContainer</var>'s <span data-x="policy-container-csp-list">CSP list</span>, <span
    data-x="list append">append</span> a copy of <var>policy</var> into <var>clone</var>'s <span
@@ -83528,6 +83536,10 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
 
    <li><p>Let <var>result</var> be a new <span>policy container</span>.</p></li>
 
+   <li><p>Set <var>result</var>'s <span data-x="policy-container-origin">origin</span> to
+   <var>response</var>'s <span data-x="concept-response-url">URL</span>'s
+   <span data-x="concept-url-origin">origin</span>.</p></li>
+
    <li><p>Set <var>result</var>'s <span data-x="policy-container-csp-list">CSP list</span> to the
    result of <span data-x="parse-response-csp">parsing a response's Content Security Policies</span>
    given <var>response</var>.</p></li>
@@ -83583,7 +83595,9 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
    <li><p>If <var>responsePolicyContainer</var> is not null, then return
    <var>responsePolicyContainer</var>.</p></li>
 
-   <li><p>Return a new <span>policy container</span>.</p></li>
+   <li><p>Return a new <span>policy container</span> whose <span
+   data-x="policy-container-origin">origin</span> is <var>responseURL</var>'s
+   <span data-x="concept-url-origin">origin</span>.</p></li>
   </ol>
 
   <p>To <dfn data-x="initialize worker policy container">initialize a worker global scope's policy
@@ -85037,12 +85051,6 @@ interface <dfn interface>BarProp</dfn> {
       <span data-x="concept-document-window">associated <code>Document</code></span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-origin">origin</span></dt>
-     <dd>
-      <p>Return the <span data-x="concept-document-origin">origin</span> of <var>window</var>'s
-      <span data-x="concept-document-window">associated <code>Document</code></span>.</p>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return the <span data-x="concept-document-policy-container">policy container</span> of
@@ -88167,9 +88175,6 @@ interface <dfn interface>BeforeUnloadEvent</dfn> : <span>Event</span> {
      <dt><span data-x="concept-document-mode">mode</span></dt>
      <dd>"<code data-x="">quirks</code>"</dd>
 
-     <dt><span data-x="concept-document-origin">origin</span></dt>
-     <dd><var>origin</var></dd>
-
      <dt><span data-x="concept-document-bc">browsing context</span></dt>
      <dd><var>browsingContext</var>
 
@@ -89479,9 +89484,6 @@ location.href = '#foo';</code></pre>
    <dd>a <span data-x="concept-response">response</span> that ultimately was navigated to
    (potentially a <span>network error</span>)</dd>
 
-   <dt><dfn data-x="navigation-params-origin">origin</dfn></dt>
-   <dd>an <span>origin</span> to use for the new <code>Document</code></dd>
-
    <dt><dfn data-x="navigation-params-policy-container">policy container</dfn></dt>
    <dd>a <span>policy container</span> to use for the new <code>Document</code></dd>
 
@@ -89827,6 +89829,9 @@ location.href = '#foo';</code></pre>
        <var>finalSandboxFlags</var>, <var>documentState</var>'s <span
        data-x="document-state-initiator-origin">initiator origin</span>, and null.</p></li>
 
+       <li><p>Set <var>policyContainer</var>'s <span data-x="policy-container-origin">origin</span>
+       to <var>responseOrigin</var>.</p></li>
+
        <li><p>Let <var>coop</var> be a new <span>cross-origin opener policy</span>.</p></li>
 
        <li>
@@ -89859,9 +89864,6 @@ location.href = '#foo';</code></pre>
          <dt><span data-x="navigation-params-response">response</span></dt>
          <dd><var>response</var></dd>
 
-         <dt><span data-x="navigation-params-origin">origin</span></dt>
-         <dd><var>responseOrigin</var></dd>
-
          <dt><span data-x="navigation-params-policy-container">policy container</span></dt>
          <dd><var>policyContainer</var></dd>
 
@@ -90231,11 +90233,10 @@ location.href = '#foo';</code></pre>
      <dt><span data-x="navigation-params-response">response</span></dt>
      <dd><var>response</var></dd>
 
-     <dt><span data-x="navigation-params-origin">origin</span></dt>
-     <dd><var>newDocumentOrigin</var></dd>
-
      <dt><span data-x="navigation-params-policy-container">policy container</span></dt>
-     <dd><var>policyContainer</var></dd>
+     <dd>a <span data-x="clone a policy container">clone</span> of <var>policyContainer</var>
+     with its <span data-x="policy-container-origin">origin</span> set to
+     <var>newDocumentOrigin</var></dd>
 
      <dt><span data-x="navigation-params-sandboxing">final sandboxing flag set</span></dt>
      <dd><var>finalSandboxFlags</var></dd>
@@ -91034,7 +91035,8 @@ location.href = '#foo';</code></pre>
      data-x="navigation-params-response">response</span>, <var>navigable</var>,
      <var>navigationParams</var>'s <span data-x="navigation-params-policy-container">policy
      container</span>'s <span data-x="policy-container-csp-list">CSP list</span>, and
-     <var>navigationParams</var>'s <span data-x="navigation-params-origin">origin</span> is false,
+     <var>navigationParams</var>'s <span data-x="navigation-params-policy-container">policy
+     container</span>'s <span data-x="policy-container-origin">origin</span> is false,
      then set <var>failure</var> to true.</p></li>
 
      <li>
@@ -91223,6 +91225,9 @@ location.href = '#foo';</code></pre>
    <var>navigable</var>'s <span data-x="nav-container-document">container document</span>'s <span
    data-x="concept-document-policy-container">policy container</span>, and null.</p></li>
 
+   <li><p>Set <var>policyContainer</var>'s <span data-x="policy-container-origin">origin</span>
+   to <var>responseOrigin</var>.</p></li>
+
    <li>
     <p>Return a new <span>navigation params</span>, with</p>
 
@@ -91236,9 +91241,6 @@ location.href = '#foo';</code></pre>
      <dt><span data-x="navigation-params-response">response</span></dt>
      <dd><var>response</var></dd>
 
-     <dt><span data-x="navigation-params-origin">origin</span></dt>
-     <dd><var>responseOrigin</var></dd>
-
      <dt><span data-x="navigation-params-policy-container">policy container</span></dt>
      <dd><var>policyContainer</var></dd>
 
@@ -91811,6 +91813,9 @@ location.href = '#foo';</code></pre>
    <var>sourceSnapshotParams</var>'s <span data-x="source-snapshot-params-policy-container">source
    policy container</span>, null, and <var>responsePolicyContainer</var>.</p></li>
 
+   <li><p>Set <var>resultPolicyContainer</var>'s <span
+   data-x="policy-container-origin">origin</span> to <var>responseOrigin</var></p></li>.
+
    <li>
     <p>Return a new <span>navigation params</span>, with</p>
 
@@ -91824,9 +91829,6 @@ location.href = '#foo';</code></pre>
      <dt><span data-x="navigation-params-response">response</span></dt>
      <dd><var>response</var></dd>
 
-     <dt><span data-x="navigation-params-origin">origin</span></dt>
-     <dd><var>responseOrigin</var></dd>
-
      <dt><span data-x="navigation-params-policy-container">policy container</span></dt>
      <dd><var>resultPolicyContainer</var></dd>
 
@@ -93174,7 +93176,8 @@ location.href = '#foo';</code></pre>
    <li>
     <p>Let <var>permissionsPolicy</var> be the result of <span>creating a permissions policy from a
     response</span> given <var>browsingContext</var>, <var>navigationParams</var>'s <span
-    data-x="navigation-params-origin">origin</span>, and <var>navigationParams</var>'s <span
+    data-x="navigation-params-policy-container">policy container</span>'s <span
+    data-x="policy-container-origin">origin</span>, and <var>navigationParams</var>'s <span
     data-x="navigation-params-response">response</span>. <ref spec="PERMISSIONSPOLICY"></p>
 
     <div class="note">
@@ -93209,7 +93212,8 @@ location.href = '#foo';</code></pre>
     <code>about:blank</code></span> is true, and <var>browsingContext</var>'s <span>active
     document</span>'s <span data-x="concept-document-origin">origin</span> is <span>same
     origin-domain</span> with <var>navigationParams</var>'s <span
-    data-x="navigation-params-origin">origin</span>, then set <var>window</var> to
+    data-x="navigation-params-policy-container">policy container</span>'s <span
+    data-x="policy-container-origin">origin</span>, then set <var>window</var> to
     <var>browsingContext</var>'s <span>active window</span>.</p>
 
     <p class="note">This means that both the <span data-x="is initial about:blank">initial
@@ -93236,7 +93240,8 @@ location.href = '#foo';</code></pre>
 
      <li><p>Let <var>agent</var> be the result of <span
      data-x="obtain-similar-origin-window-agent">obtaining a similar-origin window agent</span>
-     given <var>navigationParams</var>'s <span data-x="navigation-params-origin">origin</span>,
+     given <var>navigationParams</var>'s <span data-x="navigation-params-policy-container">policy
+     container</span>'s <span data-x="policy-container-origin">origin</span>,
      <var>browsingContext</var>'s <span data-x="tlbc group">group</span>, and
      <var>requestsOAC</var>.</p></li>
 
@@ -93258,7 +93263,8 @@ location.href = '#foo';</code></pre>
      <li><p>Let <var>topLevelCreationURL</var> be <var>creationURL</var>.</p></li>
 
      <li><p>Let <var>topLevelOrigin</var> be <var>navigationParams</var>'s <span
-     data-x="navigation-params-origin">origin</span>.</p></li>
+     data-x="navigation-params-policy-container">policy container</span>'s <span
+     data-x="policy-container-origin">origin</span>.</p></li>
 
      <li>
       <p>If <var>navigable</var>'s <span data-x="nav-container">container</span> is not null,
@@ -93302,9 +93308,6 @@ location.href = '#foo';</code></pre>
      <dt><span data-x="concept-document-content-type">content type</span></dt>
      <dd><var>contentType</var></dd>
 
-     <dt><span data-x="concept-document-origin">origin</span></dt>
-     <dd><var>navigationParams</var>'s <span data-x="navigation-params-origin">origin</span></dd>
-
      <dt><span data-x="concept-document-bc">browsing context</span></dt>
      <dd><var>browsingContext</var>
 
@@ -93783,9 +93786,6 @@ new PaymentRequest(&hellip;); // Allowed to use
      <dt><span data-x="navigation-params-response">response</span></dt>
      <dd>a new <span data-x="concept-response">response</span></dd>
 
-     <dt><span data-x="navigation-params-origin">origin</span></dt>
-     <dd><var>origin</var></dd>
-
      <dt><span data-x="navigation-params-policy-container">policy container</span></dt>
      <dd>a new <span>policy container</span></dd>
 
@@ -94956,7 +94956,8 @@ new PaymentRequest(&hellip;); // Allowed to use
    settings object">origin</dfn></dt>
 
    <dd>
-    <p>An <span>origin</span> used in security checks.</p>
+    <p>This objects <span data-x="concept-settings-object-policy-container">policy
+    container</span>'s <span data-x="policy-container-origin">origin</span>.</p>
    </dd>
 
    <dt>A <dfn data-x="concept-settings-object-policy-container" export
@@ -107329,6 +107330,12 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
     <code>SharedWorkerGlobalScope</code> object created in the previous step.</p>
    </li>
 
+   <li><p>Set <var>worker global scope</var>'s
+   <span data-x="concept-WorkerGlobalScope-policy-container">policy container</span>'s
+   <span data-x="policy-container-origin">origin</span> to <var>outside settings</var>'s
+   <span data-x="concept-settings-object-policy-container">policy container</span>'s
+   <span data-x="policy-container-origin">origin</span>.</p></li>
+
    <li><p><span>Set up a worker environment settings object</span> with <var>realm execution
    context</var>, <var>outside settings</var>, and <var>unsafeWorkerCreationTime</var>, and let
    <var>inside settings</var> be the result.</p></li>
@@ -107732,14 +107739,6 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
       data-x="concept-WorkerGlobalScope-url">url</span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-origin">origin</span></dt>
-     <dd>
-      <p>Return a unique <span data-x="concept-origin-opaque">opaque origin</span> if <var>worker
-      global scope</var>'s <span data-x="concept-WorkerGlobalScope-url">url</span>'s <span
-      data-x="concept-url-scheme">scheme</span> is "<code data-x="">data</code>", and <var>inherited
-      origin</var> otherwise.</p>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return <var>worker global scope</var>'s <span
@@ -107760,6 +107759,18 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
     </dl>
    </li>
 
+   <li><p><span>Assert</span> that <var>settings object</var>'s <span
+   data-x="concept-settings-object-policy-container">policy container</span>'s <span
+   data-x="policy-container-origin">origin</span> is an <span data-x="concept-origin-opaque">opaque
+   origin</span>.</p></li>
+
+   <li><p>If <var>worker global scope</var>'s <span
+   data-x="concept-WorkerGlobalScope-url">url</span>'s <span
+   data-x="concept-url-scheme">scheme</span> is not "<code data-x="">data</code>", then set
+   <var>settings object</var>'s <span data-x="concept-settings-object-policy-container">policy
+   container</span>'s <span data-x="policy-container-origin">origin</span> to <var>inherited
+   origin</var>.</p></li>
+
    <li><p>Set <var>settings object</var>'s <span data-x="concept-environment-id">id</span> to a new
    unique opaque string, <span data-x="concept-environment-creation-url">creation URL</span> to
    <var>worker global scope</var>'s <span>url</span>, <span>top-level creation URL</span> to null,
@@ -108895,8 +108906,6 @@ interface <dfn interface>WorkletGlobalScope</dfn> {};</code></pre>
   object</span> <var>outsideSettings</var>:</p>
 
   <ol>
-   <li><p>Let <var>origin</var> be a unique <span data-x="concept-origin-opaque">opaque
-   origin</span>.</p></li>
 
    <li><p>Let <var>inheritedAPIBaseURL</var> be <var>outsideSettings</var>'s <span>API base
    URL</span>.</p></li>
@@ -108944,11 +108953,6 @@ interface <dfn interface>WorkletGlobalScope</dfn> {};</code></pre>
       available to worklet code make use of the <span>API base URL</span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-origin">origin</span></dt>
-     <dd>
-      <p>Return <var>origin</var>.</p>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return <var>inheritedPolicyContainer</var>.</p>