diff --git a/spec/index.bs b/spec/index.bs
index 133f224e..e68c2cbb 100644
--- a/spec/index.bs
+++ b/spec/index.bs
@@ -1168,8 +1168,8 @@ To <dfn>fetch request</dfn> given a [=/request=] |request|, |globalObject|, and
 
 <div algorithm>
 When <dfn>computing the manifest URL</dfn> given an {{IdentityProviderConfig}} |provider|, a
-[=string=] |manifestString|, and |globalObject|, perform the following steps. This returns a
-<a spec=url for=/>URL</a> or failure.
+[=string=] |manifestString|, a boolean |requireSameOrigin|, and |globalObject|, perform the
+following steps. This returns a <a spec=url for=/>URL</a> or failure.
     1. Let |configUrl| be the result of running [=parse url=] with |provider|'s
         {{IdentityProviderConfig/configURL}} and |globalObject|.
     1. Let |manifestUrl| be the result of running [=parse url=] given |manifestString| (the relative
@@ -1180,7 +1180,10 @@ When <dfn>computing the manifest URL</dfn> given an {{IdentityProviderConfig}} |
         allowed.
 
     1. If |manifestUrl| is failure, return failure.
-    1. If |manifestUrl| is not [=same origin=] with |configUrl|, return failure.
+    1. If |requireSameOrigin| and |manifestUrl| is not [=same origin=] with |configUrl|, return
+        failure.
+    1. If |requireSameOrigin| is false and |manifestUrl|'s <a spec=url>domain</a> is not equal to
+        |configUrl|'s, return failure.
     1. If |manifestUrl| is not a [=potentially trustworthy URL=], return failure.
     1. Return |manifestUrl|.
 </div>