Currently, the process model defines isolation principals using "sites" (scheme and etld+1) and "site URLs". However, we've been extending and redefining sites beyond the original definition, and we are starting to hit situations in which GURLs or url::Origins alone aren't enough to represent a principal:
1. We now support process isolation for particular origins ( issue 713444 ), where we use the full origin rather than just a scheme/etld+1.
2. Webview guests currently use a special site URL which doesn't match the site of actual web content being rendered inside them. Eventually, we want to introduce knowledge of StoragePartition to support cross-process navigations and OOPIFs in guests.
3. With Isolate-Me (https://wicg.github.io/isolation/explainer.html), we might need to support knowledge of StoragePartitions as well.
4. Hosted apps use a chrome-extension:// site_url, which does not match the origin from which the web content is served.
Referring to the isolation principal using a site_url is confusing in those cases, and representing site_urls with GURLs has led to bugs since it's too easy to pass in the wrong kind of URL (e.g., a full URL to a function that expects a site URL). Two examples: https://codereview.chromium.org/2921063003/ for GetProcessHostForSite and https://codereview.chromium.org/2322673005/ for DoesSiteRequireDedicatedProcess. Let's come up with something better!
Charlie notes that there was an earlier attempt at introducing a better notion of a principal in issue 109792 , and that it might be time to revisit that.
Comment 1 by alex...@chromium.org
, Aug 4 2017