diff --git a/fetch.bs b/fetch.bs index 7872b8067..c5bc94656 100755 --- a/fetch.bs +++ b/fetch.bs @@ -135,6 +135,7 @@ urlPrefix:https://www.rfc-editor.org/rfc/rfc6454;type:dfn;spec:RFC6454
spec:dom; type:dfn; text:element spec:infra; type:dfn; text:implementation-defined +spec:infra; type:dfn; text:success@@ -2307,10 +2308,19 @@ Unless stated otherwise, it is unset. timing allow failed flag. Unless stated otherwise, it is unset. +
A request has an associated +navigation timing allow values list (a list of +lists of strings). Unless stated otherwise, it is « ». + +
Each item in the navigation timing allow values list
+holds the `Timing-Allow-Origin` values of one redirect response in a
+navigation's redirect chain.
+
A request's URL list, current URL, redirect count, response tainting, -done flag, and timing allow failed flag are used as -bookkeeping details by the fetch algorithm. +done flag, timing allow failed flag, and +navigation timing allow values list are used as bookkeeping details by the +fetch algorithm.
A request has an associated WebDriver id @@ -2608,6 +2618,15 @@ allowed on the resource fetched by looking at the flag of the response returned. the response of a redirect has to be set if it was set for previous responses in the redirect chain, this is also tracked internally using the request's timing allow failed flag. +
A response has an associated +navigation timing allow values list (a list of +lists of strings). Unless stated otherwise, it is « ». + +
This holds the `Timing-Allow-Origin` values of each redirect
+response in a navigation's redirect chain. It is used so that callers can determine,
+once the navigation's destination origin is known, whether that origin is allowed by every redirect
+in the redirect chain.
+
A response has an associated body info (a response body info). Unless stated otherwise, it is a new @@ -5104,6 +5123,11 @@ steps:
Set internalResponse's redirect taint to request's redirect-taint. +
If request is a navigation request, then set + internalResponse's navigation timing allow values list to a + clone of request's + navigation timing allow values list. +
If request's timing allow failed flag is unset, then set internalResponse's timing allow passed flag. @@ -5884,6 +5908,10 @@ these steps:
If internalResponse's status is a redirect status:
If request is a navigation request, then + append to a request's navigation timing allow values list given request and + internalResponse. +
If internalResponse's status is not 303, request's body is non-null, and the connection uses HTTP/2, then user agents @@ -7311,6 +7339,48 @@ agent's CORS-preflight cache for which there is a cache entry match +
To append to a request's navigation timing allow values list, given a +request request and a response response: + +
Assert: request is a navigation request. + +
Let taoValues be the result of
+ getting, decoding, and splitting `Timing-Allow-Origin` from
+ response's header list.
+
+
If taoValues is null, then set taoValues to « ». + +
Append taoValues to request's + navigation timing allow values list. +
To perform a navigation TAO check for a +response response and an origin +destinationOrigin: + +
For each taoValues of response's + navigation timing allow values list: + +
+ +Return success. +
Deferred fetching allows callers to request that a fetch is invoked at the latest possible