API concerns for originIsolationRestricted #31
Description
#24 proposes adding a window.originIsolationRestricted API to help web developers understand when opt-in origin isolation takes effect. I'm concerned about the API being a bit confusing as specified, and I wonder if any additional review is useful to make it easier to understand and use.
It sounds like the API is currently specified to return whether document.domain and postMessage are more restricted than usual, rather than whether they're restricted to an origin rather than a site. "Than usual" is a relative term, though, which makes it hard to predict or explain: it is true when the reason is opt-in origin isolation and COOP/COEP, but it is false when the reason is IP addresses, opaque origins, workers, etc. Thus, it isn't useful as an indicator of page behavior, but only as an indicator of certain arbitrary features' effects.
It also seems like we might aspire to some day have document.domain (and perhaps postMessage of WASM Modules) be restricted by default, which would again change the meaning of this API (either false everywhere, because the behavior never gets further restricted, or true everywhere, because it's always restricted). Having it be true everywhere seems like a more consistent thing to aspire to, at least from my perspective. (Otherwise its value would become true more commonly as isolation are adopted, then suddenly drop off if we restrict everywhere.)
From #24 (comment), I would suggest that option (1) seems like an easier concept to explain and have as part of the web platform, even if it doesn't map as directly to one concrete use case (i.e., "was my specific header the reason for the behavior change?").
As an aside, neither originIsolation nor originIsolationRestricted seem like particularly self-explanatory names here either, when side-by-side with crossOriginIsolated. Maybe the desired behavior is better to establish first, though, before any bikeshedding on the name.
@domenic @annevk @arturjanc @mikewest for thoughts.