Deprecate document.origin

Intent to Deprecate and Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/0D_37iuh1zc/ndyyNaxgCQAJ Bug: 692084 Change-Id: Iae09a7d82e09c9bc3f0394dfa476370fd1efe516 Reviewed-on: https://chromium-review.googlesource.com/1013699Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Philip Jägenstedt <foolip@chromium.org> Cr-Commit-Position: refs/heads/master@{#553537}

Deprecate document.origin
Intent to Deprecate and Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/0D_37iuh1zc/ndyyNaxgCQAJ Bug: 692084 Change-Id: Iae09a7d82e09c9bc3f0394dfa476370fd1efe516 Reviewed-on: https://chromium-review.googlesource.com/1013699Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Philip Jägenstedt <foolip@chromium.org> Cr-Commit-Position: refs/heads/master@{#553537}
52308ad8 · Philip Jägenstedt · Commit Bot · 90cd442f · 52308ad8 · 52308ad8
Commit 52308ad8 authored Apr 25, 2018 by Philip Jägenstedt Committed by Commit Bot Apr 25, 2018
17 changed files
--- a/third_party/WebKit/LayoutTests/dom/domparsing/domparser-document-origin.html
+++ b/third_party/WebKit/LayoutTests/dom/domparsing/domparser-document-origin.html
@@ -3,6 +3,6 @@
 <script src="../../resources/testharnessreport.js"></script>
 <script>
 test (function() {
-	assert_equals((new DOMParser).parseFromString("", "text/html").origin, document.origin);
+	assert_equals((new DOMParser).parseFromString("", "text/html").origin, self.origin);
 }, "This test checks that documents created from DOMParser inherit origin");
 </script>
--- a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html
@@ -10,7 +10,7 @@
            var i = document.createElement('iframe');
            i.src = "support/frame-ancestors-and-x-frame-options.sub.html?policy='self'&xfo=DENY";
            i.onload = t.step_func_done(function () {
-                assert_equals(i.contentDocument.origin, document.origin, "The same-origin page loaded.");
+                assert_equals(i.contentWindow.origin, window.origin, "The same-origin page loaded.");
            });
            document.body.appendChild(i);
        }, "A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would block the page.");

--- a/third_party/WebKit/LayoutTests/external/wpt/referrer-policy/generic/common.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/referrer-policy/generic/common.js
@@ -248,7 +248,3 @@ function queryScript(url, callback) {
 function SanityChecker() {}
 SanityChecker.prototype.checkScenario = function() {};
 SanityChecker.prototype.checkSubresourceResult = function() {};
-// TODO(kristijanburnik): document.origin is supported since Chrome 41,
-// other browsers still don't support it. Remove once they do.
-document.origin = document.origin || (location.protocol + "//" + location.host);
--- a/third_party/WebKit/LayoutTests/external/wpt/referrer-policy/generic/referrer-policy-test-case.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/referrer-policy/generic/referrer-policy-test-case.js
@@ -29,7 +29,7 @@ function ReferrerPolicyTestCase(scenario, testDescription, sanityChecker) {
      return undefined;
    },
    "origin": function() {
-      return document.origin + "/";
+      return self.origin + "/";
    },
    "stripped-referrer": function() {
      return stripUrlForUseAsReferrer(location.toString());

--- a/third_party/WebKit/LayoutTests/fast/dom/everything-to-string-expected.txt
+++ b/third_party/WebKit/LayoutTests/fast/dom/everything-to-string-expected.txt
 CONSOLE WARNING: line 17: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
+CONSOLE WARNING: line 28: document.origin is deprecated and will be removed in M70, around October 2018. Please use self.origin (window.origin) instead. See https://www.chromestatus.com/features/5701042356355072 for more details.
 Test for bug 8131: Some properties and methods of window and document objects cannot be converted to a string.
 Should say SUCCESS:

--- a/third_party/WebKit/LayoutTests/http/tests/background_fetch/block-cors-preflights.https.html
+++ b/third_party/WebKit/LayoutTests/http/tests/background_fetch/block-cors-preflights.https.html
@@ -24,7 +24,7 @@ backgroundFetchTest((t, bgFetch) => {
 }, 'POST and text/plain are whitelisted, so should register ok');
 backgroundFetchTest((t, bgFetch) => {
-  return bgFetch.fetch(uniqueTag(), new Request(document.origin, {
+  return bgFetch.fetch(uniqueTag(), new Request(self.origin, {
    method: 'PUT',
    headers: {'Content-Type': 'text/json'}
  }));

--- a/third_party/WebKit/LayoutTests/http/tests/media/encrypted-media/encrypted-media-encrypted-event-different-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/media/encrypted-media/encrypted-media-encrypted-event-different-origin.html
@@ -56,7 +56,7 @@
                    // Verify that the current origin is different than what
                    // we use for the content.
                    logMessage('setting src');
-                    assert_equals(document.origin, 'http://127.0.0.1:8000');
+                    assert_equals(self.origin, 'http://127.0.0.1:8000');
                    video.src = 'http://127.0.0.1:8080/media/encrypted-media/test-encrypted.webm';
                    video.play();
                });

--- a/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/a-ping.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/a-ping.html
@@ -43,7 +43,7 @@
  ];
  url_list.forEach(url => test(t => {
    var a = document.createElement('a');
-    a.ping = document.origin + url;
+    a.ping = self.origin + url;
    a.href = '#' + url;
    document.body.appendChild(a);
    a.click();

--- a/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/blob-url-script-in-sandboxed-iframe.https.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/blob-url-script-in-sandboxed-iframe.https.html
@@ -16,7 +16,7 @@ async_test(t => {
    f.sandbox = "allow-scripts";
    f.srcdoc = `
        <script>
-        var url = URL.createObjectURL(new Blob(["parent.postMessage('PASS: origin=' + document.origin, '*');"]));
+        var url = URL.createObjectURL(new Blob(["parent.postMessage('PASS: origin=' + self.origin, '*');"]));
        var s = document.createElement("script");
        s.src = url;
        document.head.appendChild(s);

--- a/third_party/WebKit/LayoutTests/http/tests/security/resources/post-origin-to-opener.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/resources/post-origin-to-opener.html
 <script>
-    opener.postMessage({ 'origin': document.origin }, '*');
+    opener.postMessage({ 'origin': self.origin }, '*');
 </script>
--- a/third_party/WebKit/LayoutTests/http/tests/security/resources/post-origin-to-parent.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/resources/post-origin-to-parent.html
 <script>
-    window.parent.postMessage({ 'origin': document.origin }, '*');
+    window.parent.postMessage({ 'origin': self.origin }, '*');
 </script>
--- a/third_party/WebKit/LayoutTests/http/tests/security/resources/postmessage-document-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/resources/postmessage-document-origin.html
@@ -3,7 +3,7 @@
    // origin.
    window.addEventListener('message', function (e) {
        event.source.postMessage({
-            'origin': document.origin,
+            'origin': self.origin,
            'id': e.data.id
        }, e.origin);
    });

--- a/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document-unsandboxed-navigate.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document-unsandboxed-navigate.php
@@ -20,7 +20,7 @@ header("Content-Security-Policy: sandbox allow-scripts allow-popups allow-popups
        var win = null;
        window.addEventListener("message", test.step_func(function (e) {
-            assert_equals(document.origin, 'null');
+            assert_equals(self.origin, 'null');
            if (current == 0) {
                assert_equals(e.data.origin, 'http://127.0.0.1:8000');
                current++;

--- a/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document-unsandboxed.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document-unsandboxed.php
@@ -18,8 +18,8 @@ header("Content-Security-Policy: sandbox allow-scripts allow-popups allow-popups
        var test = async_test("Testing sandbox not inherited via target='_blank' when 'allow-popups-to-escape-sandbox' present");
        window.addEventListener("message", test.step_func(function (e) {
-            assert_equals(document.origin, 'null');
+            assert_equals(self.origin, 'null');
-            assert_equals(e.data.origin, 'http://127.0.0.1:8000'); 
+            assert_equals(e.data.origin, 'http://127.0.0.1:8000');
            test.done();
        }));

--- a/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-inherit-to-blank-document.php
@@ -18,7 +18,7 @@ header("Content-Security-Policy: sandbox allow-scripts allow-popups");
        var test = async_test("Testing sandbox inherited via target='_blank'");
        window.addEventListener("message", test.step_func(function (e) {
-            assert_equals(document.origin, 'null');
+            assert_equals(self.origin, 'null');
            assert_equals(e.data.origin, 'null');
            test.done();
        }));

--- a/third_party/blink/renderer/core/dom/document.idl
+++ b/third_party/blink/renderer/core/dom/document.idl
@@ -43,7 +43,7 @@ typedef (HTMLScriptElement or SVGScriptElement) HTMLOrSVGScriptElement;
    [ImplementedAs=urlForBinding] readonly attribute USVString URL;
    // FIXME: documentURI should not be nullable.
    [ImplementedAs=urlForBinding] readonly attribute USVString? documentURI;
-    [MeasureAs=DocumentOrigin] readonly attribute USVString origin;
+    [DeprecateAs=DocumentOrigin] readonly attribute USVString origin;
    readonly attribute DOMString compatMode;
    readonly attribute DOMString characterSet;

--- a/third_party/blink/renderer/core/frame/deprecation.cc
+++ b/third_party/blink/renderer/core/frame/deprecation.cc
@@ -575,6 +575,12 @@ DeprecationInfo GetDeprecationInfo(WebFeature feature) {
                                    "TouchEvent constructor", kM68,
                                    "5668612064935936")};
+    case WebFeature::kDocumentOrigin:
+      return {"DocumentOrigin", kM70,
+              ReplacedWillBeRemoved("document.origin",
+                                    "self.origin (window.origin)", kM70,
+                                    "5701042356355072")};
    // Features that aren't deprecated don't have a deprecation message.
    default:
      return {"NotDeprecated", kUnknown, ""};