design-reviews#1130: Incubation: An `Origin` Object

#1130: Incubation: An `Origin` Object

Opened

Aug 5, 2025

GitHub repo: https://github.com/mikewest/origin-api/
Primary contacts:
- @mikewest, Google, Chrome
Organization/project driving the design: Chrome.
This work is being funded by: Google.
Incubation and standards groups that have discussed the design:
- Nada.
Standards group(s) that you expect to discuss and/or adopt this work when it's ready: HTML @ WHATWG

Multi-stakeholder feedback:
- Chromium comments: I like it. @domenic didn't hate it.
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1280
- WebKit comments: https://github.com/WebKit/standards-positions/issues/538
- Some conversation around https://github.com/whatwg/urlpattern/issues/275
Major unresolved issues with or opposition to this design:
- @annevk noted in the URLPattern thread linked directly above that the specific case of postMessage() validation could be satisfied with a narrower matching API that encouraged developers to think about more than the origin, which is a reasonable suggestion.

There's some relationship to @annevk's https://github.com/whatwg/url/pull/288, though I think that aims to solve a distinct problem.
This would be, I think, the first place we'd directly expose the "same-site" concept in a way that enabled comparison.
This proposal derives a "site" from an origin (a la HTML's "obtain a site" and "same site" definitions), and exposes it as a property of that concept. It could also be reasonable to expose it through the aforementioned URLHost proposal, or more directly on a URL. IMO, none of those are mutually exclusive, and I can see reasonable arguments for several of them (URLHost, for instance, seems particularly well-suited to explain the "schemelessly same site" concept,