I put together a CL introducing a Java version of Origin::Create, but if we want to be more deliberate here I can withdraw it. Does someone here have more experience in Java to build the Java Origin API we want?On Wed, Oct 13, 2021 at 10:05 AM Mike West <mk...@chromium.org> wrote:On Wed, Oct 13, 2021 at 3:50 PM Łukasz Anforowicz <luk...@chromium.org> wrote:On Wed, Oct 13, 2021 at 12:43 AM Mike West <mk...@chromium.org> wrote:Yikes indeed.I have no opinion about the Java questions here, but I'll put up a patch to deprecate the existing usage of `GetOrigin()`, and another to wrap `url::Origin::Create(url)` as `GURL::GetOrigin()`.url::Origin::Create(url) is also prone to subtle mistakes - it ignores iframe.sandbox and mishandles about:blank and about:srcdoc (see also https://chromium.googlesource.com/chromium/src/+/main/docs/security/origin-vs-url.md#avoid-converting-urls-to-origins). If we are effectively introducing a new method, then can we implement the new GURL::GetOrigin on top of url::Origin::Resolve and take 2 parameters (GURL=this, and a mandatory origin)? In the (rare?) case when the caller really does only have a GURL, we can either 1) pass url::Origin() (an opaque origin) as the 2nd argument or 2) introduce another overload where the 2nd argument is an enum value that's spelled something like GURL::kUnsafeUrlToOriginConversion or GURL::kIKnowWhatIAmDoing.I think I agree with all of this. I do think it's useful to be able to understand the origin of a given URL, but I also agree that that's often a footgun that isn't enabling the comparison you really want. It might be worthwhile to go through some of the soon-to-be-deprecated callsites to see what they're actually trying to do before adding a method on GURL...The first patch is https://chromium-review.googlesource.com/c/chromium/src/+/3220292, but I should probably take it through the LSC process...This LGTM. Maybe it is worth pointing to //docs/security/origin-vs-url.md in the comment of the deprecated method?I added you as a reviewer on the CL. Happy to make whatever changes to the comment you'd like to see. :)-mike
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAA_NCUHWXzf4pB%3Dmho7Ka_%2BNi7y%3DeEEiNedW1Ss4VM%2Bypf3ZXg%40mail.gmail.com.
So how do you get an origin in the first place?
url::Origin::Resolve requires an origin to call, so you need some origin to start with.
Origins are often used when persisting data to disk and restoring it (admittedly, these should always be HTTP/HTTPs origins, though we shouldn't DCHECK that data loaded from disk is valid)
We don't generally persist opaque origins, and have historically been explicitly discouraged from doing so. url::Origin::Serialize is also lossy, since it drops precursor data. I'm not seeing how that's different from persisting as a URL. Am I missing something?
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAA_NCUHZmAD20j1w4E_4K7TERLTnGzJLoJE_dvAEZ%2BYT%2BHN6sw%40mail.gmail.com.
I actually think we should make it easier for unit tests to create origins—they should be able to skip the GURL() boilerplate if they just have a std::string, IMO.
DanielOn Thu, 14 Oct 2021 at 12:00, mark a. foltz <mfo...@chromium.org> wrote:Many unit tests create origins from strings via url::Origin::Create(GURL("")).
It sounds like you are adding some conditions in the future around origin creation. What are those conditions?
Who will be responsible for fixing all of the tests that rely on pre-existing origin strings that don't mee the conditions?
Consider not setting conditions on url::Origin::CreateForTesting and declaring it in a test-only compilation unit so the migration for tests can be somewhat mechanical (not requiring updating test logic).