diff --git a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
index c6f04e92918..3279798a6cd 100644
--- a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
+++ b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
@@ -48,7 +48,7 @@ bool BrowsingContextContainer::may_access_from_origin(const Origin& origin) cons
if (!page->is_same_origin_policy_enabled())
return true;
}
- return origin.is_same(content_origin());
+ return origin.is_same_origin(content_origin());
}
const DOM::Document* BrowsingContextContainer::content_document() const
diff --git a/Userland/Libraries/LibWeb/Origin.h b/Userland/Libraries/LibWeb/Origin.h
index 6ce0097e09e..aa19f36aa18 100644
--- a/Userland/Libraries/LibWeb/Origin.h
+++ b/Userland/Libraries/LibWeb/Origin.h
@@ -28,15 +28,22 @@ public:
const String& host() const { return m_host; }
u16 port() const { return m_port; }
- bool is_same(const Origin& other) const
+ // https://html.spec.whatwg.org/multipage/origin.html#same-origin
+ bool is_same_origin(Origin const& other) const
{
+ // 1. If A and B are the same opaque origin, then return true.
+ if (is_opaque() && other.is_opaque())
+ return true;
+
+ // 2. If A and B are both tuple origins and their schemes, hosts, and port are identical, then return true.
+ // 3. Return false.
return protocol() == other.protocol()
&& host() == other.host()
&& port() == other.port();
}
- bool operator==(Origin const& other) const { return is_same(other); }
- bool operator!=(Origin const& other) const { return !is_same(other); }
+ bool operator==(Origin const& other) const { return is_same_origin(other); }
+ bool operator!=(Origin const& other) const { return !is_same_origin(other); }
private:
String m_protocol;
diff --git a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
index 314284673ee..a1dd3244b37 100644
--- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
+++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
@@ -394,7 +394,7 @@ DOM::ExceptionOr XMLHttpRequest::send(String body)
if (auto* page = m_window->page())
should_enforce_same_origin_policy = page->is_same_origin_policy_enabled();
- if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same(request_url_origin)) {
+ if (should_enforce_same_origin_policy && !m_window->associated_document().origin().is_same_origin(request_url_origin)) {
dbgln("XHR failed to load: Same-Origin Policy violation: {} may not load {}", m_window->associated_document().url(), request_url);
set_ready_state(ReadyState::Done);
dispatch_event(DOM::Event::create(HTML::EventNames::error));