Fix definition of site for null-registrable-domain cases

In particular, different ports on the same IP address need to be considered same-site, and public-suffix roots need to be considered same-site to their subdomains. Closes #5940; see #5940 (comment) in particular. Co-authored-by: Anne van Kesteren <[email protected]>
whatwg · Sep 28, 2020 · f76d3c5 · f76d3c5
1 parent ff8cb6e
commit f76d3c5
Showing 1 changed file with 14 additions and 13 deletions.
diff --git a/source b/source
@@ -80149,13 +80149,11 @@ interface <dfn>BarProp</dfn> {
 
   <h4>Sites</h4>
 
-  <p>A <dfn export>scheme-and-registrable-domain</dfn> is a <span>tuple</span> of a <span
-  data-x="concept-url-scheme">scheme</span> and a <span data-x="concept-domain">domain</span>.</p>
+  <p>A <dfn>scheme-and-host</dfn> is a <span>tuple</span> of a <span
+  data-x="concept-url-scheme">scheme</span> and a <span data-x="concept-host">host</span>.</p>
 
-  <p>A <dfn export>site</dfn> is an <span data-x="concept-origin-opaque">opaque origin</span>, a
-  <span data-x="concept-origin-tuple">tuple origin</span> whose <span
-  data-x="concept-origin-host">host</span>'s <span>registrable domain</span> is null, or a
-  <span>scheme-and-registrable-domain</span>.</p>
+  <p>A <dfn export>site</dfn> is an <span data-x="concept-origin-opaque">opaque origin</span> or a
+  <span>scheme-and-host</span>.</p>
 
   <p>To <dfn export>obtain a site</dfn>, given an origin <var>origin</var>, run these steps:</p>
 
@@ -80164,7 +80162,9 @@ interface <dfn>BarProp</dfn> {
    return <var>origin</var>.</p></li>
 
    <li><p>If <var>origin</var>'s <span data-x="concept-origin-host">host</span>'s <span>registrable
-   domain</span> is null, then return <var>origin</var>.</p></li>
+   domain</span> is null, then return <var>origin</var>'s (<span
+   data-x="concept-origin-scheme">scheme</span>, <var>origin</var>'s <span
+   data-x="concept-origin-host">host</span>).</p></li>
 
    <li><p>Return (<var>origin</var>'s <span data-x="concept-origin-scheme">scheme</span>,
    <var>origin</var>'s <span data-x="concept-origin-host">host</span>'s <span>registrable
@@ -80460,8 +80460,8 @@ interface <dfn>BarProp</dfn> {
   to return the <span>surrounding agent</span>'s <span>agent cluster</span>'s
   <span>origin-isolated</span>.</p>
 
-  <p class="note"><code>Document</code>s for which <span>obtain a site</span> returns an
-  <span>origin</span> can be considered unconditionally origin-isolated; for them the header has no
+  <p class="note"><code>Document</code>s with an <span data-x="concept-origin-opaque">opaque
+  origin</span> can be considered unconditionally origin-isolated; for them the header has no
   effect.</p>
 
   <p class="note">Similarly, <code>Document</code>s in a <span>cross-origin isolated</span>
@@ -88151,10 +88151,11 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
   of <span data-x="similar-origin window agent">similar-origin window agents</span>.</p>
 
   <p>An <dfn>agent cluster key</dfn> is a <span>site</span> or <span
-  data-x="concept-origin-tuple">tuple origin</span> whose <span
-  data-x="concept-origin-host">host</span>'s <span>registrable domain</span> is non-null. I.e., an
-  <span>agent cluster key</span> can be a <span>scheme-and-registrable-domain</span> or any
-  <span>origin</span>.</p>
+  data-x="concept-origin-tuple">tuple origin</span>. Without web developer action to achieve <a
+  href="#origin-isolation">origin isolation</a>, it will be a <span>site</span>.</p>
+
+  <p class="note">An equivalent formulation is that an <span>agent cluster key</span> can be a
+  <span>scheme-and-host</span> or an <span>origin</span>.</p>
 
   <p>To <dfn data-x="obtain-similar-origin-window-agent">obtain a similar-origin window agent</dfn>,
   given an <span>origin</span> <var>origin</var>, a <span>browsing context group</span>