From 4d125ec95ff2d7adf712413f78b4289ee16d3ed7 Mon Sep 17 00:00:00 2001 From: Arthur Sonzogni Date: Thu, 17 Jun 2021 09:25:59 +0200 Subject: [PATCH] Address Yutaka comments #4. --- fetch.bs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fetch.bs b/fetch.bs index 9e06867b2..05ef7ccac 100644 --- a/fetch.bs +++ b/fetch.bs @@ -1902,8 +1902,8 @@ for=/>request request, run theses steps:

  • If request's client is null, return true.

  • If request's client's embedder policy is not "credentialless", return true.

    + object">embedder policy is not + "credentialless", return true.

  • If request's origin is same origin with request's current URL's origin, return true.

    @@ -1997,8 +1997,8 @@ being provided to an API that didn't make a range request. See the flag's usage description of the attack.

    A response has an associated request-include-credentials, which is -initially set. +id=concept-response-request-include-credentials>request-include-credentials (a boolean), which +is initially true.

    A response has an associated timing allow passed flag, which is @@ -4620,7 +4620,7 @@ steps. They return a response.

    is true; otherwise false. -

  • If Cross-Origin-Embedder-Policy allows credentials with request is +

  • If Cross-Origin-Embedder-Policy allows credentials with request returns false, set includeCredentials to false.

  • Let contentLength be httpRequest's body's