Add suborigin logic to url::Origin

content/public/browser/dom_storage_context.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_PUBLIC_BROWSER_DOM_STORAGE_CONTEXT_H_
 #define CONTENT_PUBLIC_BROWSER_DOM_STORAGE_CONTEXT_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 21 matching lines @@
 
   // Returns a collection of origins using local storage to the given callback.
   virtual void GetLocalStorageUsage(
       const GetLocalStorageUsageCallback& callback) = 0;
 
   // Returns a collection of origins using session storage to the given
   // callback.
   virtual void GetSessionStorageUsage(
       const GetSessionStorageUsageCallback& callback) = 0;
 
-  // Deletes the local storage data for the given origin.
-  virtual void DeleteLocalStorage(const GURL& origin) = 0;
+  // Deletes the local storage data for physical origin of |origin_url|. This
+  // includes all suborigins at the physical origin, and if |origin_url|
+  // contains a suborigin, deletes the empty suborigin as well.

[michaeln, 2016/10/24 21:10:03]

i'm not sure the examples help or hurt clarity? consider simpler wording?

// Deletes the local storage data for the physical origin of |origin_url|,
// including the data for the top level origin and all suborigins.

If you really want to clarify how it behaves given a suborigin as input, maybe
say DeleteLocalStorageForPhysicalOrigin(ori) is functionally equivalent to 
DeleteLocalStorageForPhysicalOrigin(ori.GetPhysicalOrigin())

[jww, 2016/10/24 21:22:54]

Done.

+  //
+  // That is, for example, deletion of http://example.com will also delete local
+  // storage at http-so://foo.example.com, and similarly, deletion of
+  // http-so://foo.example.com will delete storage at http://example.com as
+  // well.
+  //
+  // See https://w3c.github.io/webappsec-suborigins/.
+  virtual void DeleteLocalStorageForPhysicalOrigin(const GURL& origin_url) = 0;
+
+  // Same as above, but extracts the physical origin from |origin| to do the
+  // deletion, so it is unnecessary to guarantee that |origin| doesn't have a
+  // suborigin.

[michaeln, 2016/10/24 21:10:03]

the top part of the comment is stale

[jww, 2016/10/24 21:22:54]

Given the simplification suggestion, I basically reverted this to the original
description.

+  // Deletes the local storage for the origin of |origin_url|. Unlike
+  // DeleteLocalStorageForPhysicalOrigin above, it does not delete the local
+  // storage at other suborigins at the same physical origin.
+  //
+  // That is, for example, deletion of http://example.com will *not* also delete
+  // local storage at http-so://foo.example.com, and similarly, deletion of
+  // http-so://foo.example.com will *not* delete storage at http://example.com.
+  //
+  // See https://w3c.github.io/webappsec-suborigins/.
+  virtual void DeleteLocalStorage(const GURL& origin_url) = 0;
 
   // Deletes the session storage data identified by |usage_info|.
   virtual void DeleteSessionStorage(
       const SessionStorageUsageInfo& usage_info) = 0;
 
   // If this is called, sessionStorage data will be stored on disk, and can be
   // restored after a browser restart (with RecreateSessionStorage). This
   // function must be called right after DOMStorageContextWrapper is created,
   // and before it's used.
   virtual void SetSaveSessionStorageOnDisk() = 0;
@@ skipping 10 matching lines @@
   // been created after a session restore, or a session restore won't happen.
   virtual void StartScavengingUnusedSessionStorage() = 0;
 
  protected:
   virtual ~DOMStorageContext() {}
 };
 
 }  // namespace content
 
 #endif  // CONTENT_PUBLIC_BROWSER_DOM_STORAGE_CONTEXT_H_