From fc62a05c980682458b39f5e681bda699d47b53a8 Mon Sep 17 00:00:00 2001
From: Shannon Booth <shannon@serenityos.org>
Date: Wed, 18 Jun 2025 14:52:11 +1200
Subject: [PATCH] LibWeb/DOM: Set Document's origin in JS constructor

We were missing this spec step, which meant that the created
document had no origin, causing a crash when accessed for same-origin
checks.
---
 Libraries/LibWeb/DOM/Document.cpp                         | 8 ++++++--
 Libraries/LibWeb/DOM/Document.h                           | 2 +-
 .../LibWeb/Crash/DOM/document-constructor-no-origin.html  | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 Tests/LibWeb/Crash/DOM/document-constructor-no-origin.html

diff --git a/Libraries/LibWeb/DOM/Document.cpp b/Libraries/LibWeb/DOM/Document.cpp
index c274b06d646..3e9b9d0b5b6 100644
--- a/Libraries/LibWeb/DOM/Document.cpp
+++ b/Libraries/LibWeb/DOM/Document.cpp
@@ -424,9 +424,13 @@ WebIDL::ExceptionOr<GC::Ref<Document>> Document::create_and_initialize(Type type
     return document;
 }
 
-WebIDL::ExceptionOr<GC::Ref<Document>> Document::construct_impl(JS::Realm& realm)
+// https://dom.spec.whatwg.org/#dom-document-document
+GC::Ref<Document> Document::construct_impl(JS::Realm& realm)
 {
-    return Document::create(realm);
+    // The new Document() constructor steps are to set this’s origin to the origin of current global object’s associated Document. [HTML]
+    auto document = Document::create(realm);
+    document->set_origin(as<HTML::Window>(HTML::current_principal_global_object()).associated_document().origin());
+    return document;
 }
 
 GC::Ref<Document> Document::create(JS::Realm& realm, URL::URL const& url)
diff --git a/Libraries/LibWeb/DOM/Document.h b/Libraries/LibWeb/DOM/Document.h
index c704c5d80f7..b66369eb83a 100644
--- a/Libraries/LibWeb/DOM/Document.h
+++ b/Libraries/LibWeb/DOM/Document.h
@@ -178,7 +178,7 @@ public:
 
     [[nodiscard]] static GC::Ref<Document> create(JS::Realm&, URL::URL const& url = URL::about_blank());
     [[nodiscard]] static GC::Ref<Document> create_for_fragment_parsing(JS::Realm&);
-    static WebIDL::ExceptionOr<GC::Ref<Document>> construct_impl(JS::Realm&);
+    static GC::Ref<Document> construct_impl(JS::Realm&);
     virtual ~Document() override;
 
     // AD-HOC: This number increments whenever a node is added or removed from the document, or an element attribute changes.
diff --git a/Tests/LibWeb/Crash/DOM/document-constructor-no-origin.html b/Tests/LibWeb/Crash/DOM/document-constructor-no-origin.html
new file mode 100644
index 00000000000..8cdce459ced
--- /dev/null
+++ b/Tests/LibWeb/Crash/DOM/document-constructor-no-origin.html
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+    let d = new Document().domain;
+</script>