Skip to content

Commit cc2afed

Browse files
annevkannevk
committed
Move the opaque-response-safelist check invocation
(CORB as specified applied to service worker responses, but that seems wrong.)
1 parent 8feb3d6 commit cc2afed

File tree

1 file changed

+12
-14
lines changed

1 file changed

+12
-14
lines changed

fetch.bs

+12-14
Original file line numberDiff line numberDiff line change
@@ -4390,14 +4390,8 @@ steps:
43904390

43914391
<li><p>Set <var>request</var>'s <a for=request>response tainting</a> to "<code>opaque</code>".
43924392

4393-
<li><p>Let <var>opaqueResponse</var> be the result of running <a>scheme fetch</a> given
4394-
<var>fetchParams</var>.
4393+
<li><p>Return the result of running <a>scheme fetch</a> given <var>fetchParams</var>.
43954394
<!-- file URLs end up here as they are not same-origin typically. -->
4396-
4397-
<li><p>If the <a>opaque-response-safelist check</a> given <var>request</var> and
4398-
<var>opaqueResponse</var> returns true, then return <var>opaqueResponse</var>.
4399-
4400-
<li><p>Return a <a>network error</a>.
44014395
</ol>
44024396

44034397
<dt><var>request</var>'s <a for=request>current URL</a>'s <a for=url>scheme</a> is not an
@@ -4971,19 +4965,23 @@ these steps:
49714965
<li><p>Set <var>response</var> and <var>actualResponse</var> to the result of running
49724966
<a>HTTP-network-or-cache fetch</a> given <var>fetchParams</var>.
49734967

4974-
<li>
4975-
<p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>cors</code>" and a
4976-
<a>CORS check</a> for <var>request</var> and <var>response</var> returns failure, then return a
4977-
<a>network error</a>.
4968+
<li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>opaque</code>",
4969+
<var>response</var>'s <a for=response>status</a> is not a <a>redirect status</a>, and the
4970+
<a>opaque-response-safelist check</a> given <var>request</var> and <var>response</var> returns
4971+
false, then return a <a>network error</a>.
49784972

4979-
<p class="note no-backref">As the <a>CORS check</a> is not to be applied to
4980-
<a for=/>responses</a> whose <a for=response>status</a> is 304 or 407, or <a for=/>responses</a>
4981-
from a service worker for that matter, it is applied here.
4973+
<li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>cors</code>" and
4974+
the <a>CORS check</a> for <var>request</var> and <var>response</var> returns failure, then return
4975+
a <a>network error</a>.
49824976

49834977
<li><p>If the <a>TAO check</a> for <var>request</var> and <var>response</var> returns failure,
49844978
then set <var>request</var>'s <a for=request>timing allow failed flag</a>.
49854979
</ol>
49864980

4981+
<p class=note>As the <a>opaque-response-safelist check</a>, <a>CORS check</a>, and
4982+
<a>TAO check</a> are not to be applied to <a for=/>responses</a> whose <a for=response>status</a>
4983+
is 304 or 407, or to <a for=/>responses</a> from a service worker, they are applied here.
4984+
49874985
<li>
49884986
<p>If either <var>request</var>'s <a for=request>response tainting</a> or <var>response</var>'s
49894987
<a for=response>type</a> is "<code>opaque</code>", and the

0 commit comments

Comments
 (0)