whatwg · bvandersloot-mozilla · Aug 1, 2025 · Sep 15, 2025 · Sep 16, 2025 · Sep 25, 2025
diff --git a/source b/source
@@ -92621,8 +92621,8 @@ interface <dfn interface>BarProp</dfn> {
   <p>To <dfn>set up a window environment settings object</dfn>, given a <span>URL</span>
   <var>creationURL</var>, a <span>JavaScript execution context</span> <var>execution context</var>,
   null or an <span>environment</span> <var>reservedEnvironment</var>, a <span>URL</span>
-  <var>topLevelCreationURL</var>, and an <span>origin</span> <var>topLevelOrigin</var>, run these
-  steps:</p>
+  <var>topLevelCreationURL</var>, an <span>origin</span> <var>topLevelOrigin</var>, and a
+  boolean <var>hasCrossSiteAncestor</var>:</p>
 
   <ol>
    <li><p>Let <var>realm</var> be the value of <var>execution context</var>'s Realm
@@ -92660,30 +92660,6 @@ interface <dfn interface>BarProp</dfn> {
       <span data-x="concept-document-window">associated <code>Document</code></span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-has-cross-site-ancestor">has cross-site
-     ancestor</span></dt>
-     <dd>
-      <ol>
-       <li><p>If <var>window</var>'s <span>navigable</span>'s <span
-       data-x="nav-parent">parent</span> is null, then return false.</p></li>
-
-       <li><p>Let <var>parentDocument</var> be <var>window</var>'s <span>navigable</span>'s <span
-       data-x="nav-parent">parent</span>'s <span data-x="nav-document">active
-       document</span>.</p></li>
-
-       <li><p>If <var>parentDocument</var>'s <span>relevant settings object</span>'s <span
-       data-x="concept-settings-object-has-cross-site-ancestor">has cross-site ancestor</span> is
-       true, then return true.</p></li>
-
-       <li><p>If <var>parentDocument</var>'s <span data-x="concept-document-origin">origin</span>
-       is not <span>same site</span> with <var>window</var>'s <span
-       data-x="concept-document-window">associated <code>Document</code></span>'s <span
-       data-x="concept-document-origin">origin</span>, then return true.</p></li>
-
-       <li><p>Return false.</p></li>
-      </ol>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return the <span data-x="concept-document-policy-container">policy container</span> of
@@ -92748,8 +92724,10 @@ interface <dfn interface>BarProp</dfn> {
 
    <li><p>Set <var>settings object</var>'s <span data-x="concept-environment-creation-url">creation
    URL</span> to <var>creationURL</var>, <var>settings object</var>'s <span>top-level creation
-   URL</span> to <var>topLevelCreationURL</var>, and <var>settings object</var>'s <span>top-level
-   origin</span> to <var>topLevelOrigin</var>.</p></li>
+   URL</span> to <var>topLevelCreationURL</var>, <var>settings object</var>'s <span>top-level
+   origin</span> to <var>topLevelOrigin</var>, and <var>settings object</var>'s <span
+   data-x="concept-environment-cross-site-ancestor">has cross-site ancestor</span> to
+   <var>hasCrossSiteAncestor</var>.</p></li>
 
    <li><p>Set <var>realm</var>'s [[HostDefined]] field to <var>settings object</var>.</p></li>
   </ol>
@@ -100111,9 +100089,20 @@ interface <dfn interface>NotRestoredReasons</dfn> {
    otherwise <var>embedder</var>'s <span>relevant settings object</span>'s <span>top-level
    origin</span>.</p></li>
 
+   <li><p>Let <var>hasCrossSiteAncestor</var> be false.</p></li>
+
+   <li><p>If <var>embedder</var> is not null, then set <var>hasCrossSiteAncestor</var>  to
+   <var>embedder</var>'s <span>relevant settings object</span>'s <span
+   data-x="concept-environment-cross-site-ancestor"> has cross-site ancestor</span>.</p></li>
+
+   <li><p>If <var>embedder</var> is not null, and <var>origin</var> is not <span>same site</span>
+   with <var>embedder</var>'s <span>relevant settings object</span>'s <span
+   data-x="concept-settings-object-origin">origin</span>, then set <var>hasCrossSiteAncestor</var>
+   to true.</p></li>
+
    <li><p><span>Set up a window environment settings object</span> with <code>about:blank</code>,
-   <var>realm execution context</var>, null, <var>topLevelCreationURL</var>, and
-   <var>topLevelOrigin</var>.</p></li>
+   <var>realm execution context</var>, null, <var>topLevelCreationURL</var>,
+   <var>topLevelOrigin</var>, and <var>hasCrossSiteAncestor</var>.</p></li>
 
    <li><p>Let <var>loadTimingInfo</var> be a new <span>document load timing info</span> with
    its <span>navigation start time</span> set to the result of calling <span>coarsen time</span>
@@ -104209,6 +104198,8 @@ location.href = '#foo';</code></pre>
 
        <li><p>Let <var>topLevelOrigin</var> be null.</p></li>
 
+       <li><p>Let <var>hasCrossSiteAncestor</var> be false.</p></li>
+
        <li>
         <p>If <var>navigable</var> is not a <span>top-level traversable</span>, then:</p>
 
@@ -104222,6 +104213,15 @@ location.href = '#foo';</code></pre>
 
          <li><p>Set <var>topLevelOrigin</var> to <var>parentEnvironment</var>'s <span>top-level
          origin</span>.</p></li>
+
+         <li><p>Set <var>hasCrossSiteAncestor</var> to <var>parentEnvironment</var>'s <span
+         data-x="concept-environment-cross-site-ancestor">has cross-site ancestor</span>.</p></li>
+
+         <li><p>If <var>parentEnvironment</var>'s <span
+         data-x="concept-settings-object-origin">origin</span> is not <span>same site</span> with
+         <var>navigable</var>'s <span data-x="nav-document">active document</span>'s <span>relevant
+         settings object</span>'s <span data-x="concept-settings-object-origin">origin</span>, then
+         set <var>hasCrossSiteAncestor</var> to true.</p></li>
         </ol>
        </li>
 
@@ -104232,8 +104232,10 @@ location.href = '#foo';</code></pre>
         data-x="concept-environment-target-browsing-context">target browsing context</span> is
         <var>navigable</var>'s <span data-x="nav-bc">active browsing context</span>, <span
         data-x="concept-environment-creation-url">creation URL</span> is <var>currentURL</var>,
-        <span>top-level creation URL</span> is <var>topLevelCreationURL</var>, and <span>top-level
-        origin</span> is <var>topLevelOrigin</var>.</p>
+        <span>top-level creation URL</span> is <var>topLevelCreationURL</var>, <span>top-level
+        origin</span> is <var>topLevelOrigin</var>, and <span
+        data-x="concept-environment-cross-site-ancestor">has cross-site ancestor</span> is
+        <var>hasCrossSiteAncestor</var>.</p>
 
         <p class="note">The created environment's <span
         data-x="concept-environment-active-service-worker">active service worker</span> is set in
@@ -106737,6 +106739,8 @@ location.href = '#foo';</code></pre>
      <li><p>Let <var>topLevelOrigin</var> be <var>navigationParams</var>'s <span
      data-x="navigation-params-origin">origin</span>.</p></li>
 
+     <li><p>Let <var>hasCrossSiteAncestor</var> be false.</p></li>
+
      <li>
       <p>If <var>navigable</var>'s <span data-x="nav-container">container</span> is not null,
       then:</p>
@@ -106750,13 +106754,22 @@ location.href = '#foo';</code></pre>
 
        <li><p>Set <var>topLevelOrigin</var> to <var>parentEnvironment</var>'s <span>top-level
        origin</span>.</p></li>
+
+       <li><p>Set <var>hasCrossSiteAncestor</var> to <var>parentEnvironment</var>'s <span
+       data-x="concept-environment-cross-site-ancestor">has cross-site ancestor</span>.</p></li>
+
+       <li><p>If <var>navigationParams</var>'s <span
+       data-x="navigation-params-request">origin</span> is not <span>same site</span> with
+       <var>parentEnvironment</var>'s <span data-x="concept-settings-object-origin">origin</span>,
+       then set <var>hasCrossSiteAncestor</var> to true.</p>
       </ol>
      </li>
 
      <li><p><span>Set up a window environment settings object</span> with <var>creationURL</var>,
      <var>realmExecutionContext</var>, <var>navigationParams</var>'s <span
      data-x="navigation-params-reserved-environment">reserved environment</span>,
-     <var>topLevelCreationURL</var>, and <var>topLevelOrigin</var>.</p></li>
+     <var>topLevelCreationURL</var>, <var>topLevelOrigin</var>, and
+     <var>hasCrossSiteAncestor</var>.</p></li>
     </ol>
 
     <p class="note">This is the usual case, where the new <code>Document</code> we're about to
@@ -108624,6 +108637,15 @@ new PaymentRequest(&hellip;); // Allowed to use
     involved.</p>
    </dd>
 
+   <dt>A <dfn data-x="concept-environment-cross-site-ancestor" export for="environment">has
+   cross-site ancestor</dfn></dt>
+   <dd><p>A boolean. For window <span>environment settings object</span>s this will be set to true
+   if an ancestor frame has an <span data-x="concept-settings-object-origin">origin</span> that is
+   not <span>same site</span> with the current window's <span
+   data-x="concept-settings-object-origin">origin</span> and otherwise false. For workers and
+   worklets it is set to the <span data-x="concept-environment-cross-site-ancestor">has cross-site
+   ancestor</span> of its creator.</p></dd>
+
    <dt>A <dfn data-x="concept-environment-target-browsing-context" export
    for="environment">target browsing context</dfn></dt>
    <dd><p>Null or a target <span>browsing context</span> for a <span
@@ -108687,10 +108709,6 @@ new PaymentRequest(&hellip;); // Allowed to use
     <p>An <span>origin</span> used in security checks.</p>
    </dd>
 
-   <dt>A <dfn data-x="concept-settings-object-has-cross-site-ancestor" export
-   for="environment settings object">has cross-site ancestor</dfn></dt>
-   <dd><p>A boolean used in security checks.</p></dd>
-
    <dt>A <dfn data-x="concept-settings-object-policy-container" export
    for="environment settings object">policy container</dfn></dt>
 
@@ -123514,23 +123532,6 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
       origin</var> otherwise.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-has-cross-site-ancestor">has cross-site
-     ancestry</span></dt>
-     <dd>
-      <ol>
-       <li><p>If <var>outside settings</var>'s <span
-       data-x="concept-settings-object-has-cross-site-ancestor">has cross-site ancestor</span> is
-       true, then return true.</p></li>
-
-       <li><p>If <var>worker global scope</var>'s <span
-       data-x="concept-WorkerGlobalScope-url">url</span>'s <span
-       data-x="concept-url-scheme">scheme</span> is "<code data-x="">data</code>", then return
-       true.</p></li>
-
-       <li><p>Return false.</p></li>
-      </ol>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return <var>worker global scope</var>'s <span
@@ -123555,8 +123556,10 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
    unique opaque string, <span data-x="concept-environment-creation-url">creation URL</span> to
    <var>worker global scope</var>'s <span>url</span>, <span>top-level creation URL</span> to null,
    <span data-x="concept-environment-target-browsing-context">target browsing context</span> to
-   null, and <span data-x="concept-environment-active-service-worker">active service worker</span>
-   to null.</p></li>
+   null, <span data-x="concept-environment-active-service-worker">active service worker</span>
+   to null, and <span data-x="concept-environment-cross-site-ancestor">has cross-site
+   ancestor</span> to <var>outside settings</var>'s <span
+   data-x="concept-environment-cross-site-ancestor">has cross-site ancestor</span>.</p></li>
 
    <li><p>If <var>worker global scope</var> is a <code>DedicatedWorkerGlobalScope</code> object,
    then set <var>settings object</var>'s <span>top-level origin</span> to <var>outside
@@ -124813,10 +124816,6 @@ interface <dfn interface>WorkletGlobalScope</dfn> {};</code></pre>
       <p>Return <var>origin</var>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-has-cross-site-ancestor">has cross-site
-     ancestor</span></dt>
-     <dd><p>Return true.</p></dd>
-
      <dt>The <span data-x="concept-settings-object-policy-container">policy container</span></dt>
      <dd>
       <p>Return <var>inheritedPolicyContainer</var>.</p>