Add policy container to request

This snapshots policies when a request is created in order to have them available (and be immutable) for the lifetime of the fetch algorithm. Together with w3c/webappsec-csp#494 this ends up fixing #832.
whatwg · May 10, 2021 · 3c0dd16 · 3c0dd16
1 parent 208e271
commit 3c0dd16
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -1519,6 +1519,15 @@ user-agent-defined object). Unless otherwise stated it is null.
 <a lt=fetch for=/>fetching</a>. It provides a convenient way for standards to not have to set
 <a for=/>request</a>'s <a for=request>origin</a>.
 
+<p>A <a for=/>request</a> has an associated
+<dfn export for=request id=concept-request-policy-container>policy container</dfn>, which is
+"<code>client</code>" or a <a for=/>policy container</a>. Unless stated otherwise it is
+"<code>client</code>".
+
+<p class=note>"<code>client</code>" is changed to a <a for=/>policy container</a> during
+<a lt=fetch for=/>fetching</a>. It provides a convenient way for standards to not have to set
+<a for=/>request</a>'s <a for=request>policy container</a>.
+
 <p>A <a for=/>request</a> has an associated
 <dfn export for=request id=concept-request-referrer>referrer</dfn>, which is
 "<code>no-referrer</code>", "<code>client</code>", or a <a for=/>URL</a>. Unless stated otherwise it
@@ -3586,6 +3595,19 @@ the request.
  <var>request</var>'s <a for=request>origin</a> to  <var>request</var>'s <a for=request>client</a>'s
  <a for="environment settings object">origin</a>.
 
+ <li>
+  <p>If <var>request</var>'s <a for=request>policy container</a> is "<code>client</code>", then:
+
+  <ol>
+   <li><p>If <var>request</var>'s <a for=request>client</a> is non-null, then set
+   <var>request</var>'s <a for=request>policy container</a> to a
+   <a lt="clone a policy container">clone</a> of <var>request</var>'s <a for=request>client</a>'s
+   <a for="environment settings object">policy container</a>. [[!HTML]]
+
+   <li><p>Otherwise, set <var>request</var>'s <a for=request>policy container</a> to a new
+   <a for=/>policy container</a>.
+  </ol>
+
  <li>
   <p>If <var>request</var>'s <a for=request>header list</a>
   <a for="header list">does not contain</a> `<code>Accept</code>`, then: