The origin (protocol://host[:port]) the underlying session was established against, if known.
When set, Http.fetch refuses to attach the Authorization header to requests whose origin
does not match it (see originsMatch), so the session's token cannot leak to an unintended
identity provider. undefined means "unknown, do not enforce".
The origin (
protocol://host[:port]) the underlying session was established against, if known. When set, Http.fetch refuses to attach the Authorization header to requests whose origin does not match it (see originsMatch), so the session's token cannot leak to an unintended identity provider.undefinedmeans "unknown, do not enforce".