Index: url/origin.h |
diff --git a/url/origin.h b/url/origin.h |
index 9e6b492abef50e9b30e6484e766aea2dc76b2bff..6e74a10d1a7d5f51258735a5461bad39cc2885c5 100644 |
--- a/url/origin.h |
+++ b/url/origin.h |
@@ -35,12 +35,14 @@ namespace url { |
// |
// This class ought to be used when code needs to determine if two resources |
// are "same-origin", and when a canonical serialization of an origin is |
-// required. Note that some origins are "unique", meaning that they are not |
-// same-origin with any other origin (including themselves). |
+// required. Note that some origins are "opaque", meaning that they are not |
+// same-origin with any other origin (except themselves). This applies even if |
+// their serialization is identical: Two opaque origins created from parsing the |
+// same string will each be unique, and will not compare equal. |
// |
// There are a few subtleties to note: |
// |
-// * Invalid and non-standard GURLs are parsed as unique origins. This includes |
+// * Invalid and non-standard GURLs are parsed as opaque origins. This includes |
// non-hierarchical URLs like 'data:text/html,...' and 'javascript:alert(1)'. |
// |
// * GURLs with schemes of 'filesystem' or 'blob' parse the origin out of the |
@@ -48,7 +50,7 @@ namespace url { |
// is parsed as ('https', 'example.com', 443). |
// |
// * Unique origins all serialize to the string "null"; this means that the |
-// serializations of two unique origins are identical to each other, though |
+// serializations of two opaque origins are identical to each other, though |
// the origins themselves are not "the same". This means that origins' |
// serializations must not be relied upon for security checks. |
// |
@@ -67,7 +69,7 @@ namespace url { |
// origin.scheme(); // "https" |
// origin.host(); // "example.com" |
// origin.port(); // 443 |
-// origin.unique(); // false |
+// origin.opaque(); // false |
// |
// * To answer the question "Are |this| and |that| "same-origin" with each |
// other?", use |Origin::IsSameOriginWith|: |
@@ -77,13 +79,14 @@ namespace url { |
// } |
class URL_EXPORT Origin { |
public: |
- // Creates a unique Origin. |
+ // Creates a unique opaque Origin. |
Origin(); |
// Creates an Origin from |url|, as described at |
// https://url.spec.whatwg.org/#origin, with the following additions: |
// |
- // 1. If |url| is invalid or non-standard, a unique Origin is constructed. |
+ // 1. If |url| is invalid or non-standard, a unique opaque Origin is |
+ // constructed. |
// 2. 'filesystem' URLs behave as 'blob' URLs (that is, the origin is parsed |
// out of everything in the URL which follows the scheme). |
// 3. 'file' URLs all parse as ("file", "", 0). |
@@ -115,7 +118,7 @@ class URL_EXPORT Origin { |
~Origin(); |
- // For unique origins, these return ("", "", 0). |
+ // For opaque origins, these return ("", "", 0). |
const std::string& scheme() const { return tuple_.scheme(); } |
const std::string& host() const { return tuple_.host(); } |
uint16_t port() const { return tuple_.port(); } |
@@ -123,7 +126,7 @@ class URL_EXPORT Origin { |
// Note that an origin without a suborgin will return the empty string. |
const std::string& suborigin() const { return suborigin_; } |
- bool unique() const { return unique_; } |
+ bool opaque() const { return opaque_; } |
// An ASCII serialization of the Origin as per Section 6.2 of RFC 6454, with |
// the addition that all Origins with a 'file' scheme serialize to "file://". |
@@ -137,9 +140,10 @@ class URL_EXPORT Origin { |
// https://w3c.github.io/webappsec-suborigins/. |
Origin GetPhysicalOrigin() const; |
- // Two Origins are "same-origin" if their schemes, hosts, and ports are exact |
- // matches; and neither is unique. If either of the origins have suborigins, |
- // the suborigins also must be exact matches. |
+ // Two Origins are "same-origin" if they are the same opaque origin, or if |
+ // their schemes, hosts, and ports are exact matches; and neither is opaque. |
+ // If either of the origins have suborigins, the suborigins also must be exact |
+ // matches. |
bool IsSameOriginWith(const Origin& other) const; |
bool operator==(const Origin& other) const { |
return IsSameOriginWith(other); |
@@ -176,7 +180,7 @@ class URL_EXPORT Origin { |
SchemeHostPort::ConstructPolicy policy); |
SchemeHostPort tuple_; |
- bool unique_; |
+ bool opaque_; |
std::string suborigin_; |
}; |