diff --git a/fetch.bs b/fetch.bs index 90ef40c04..621844093 100644 --- a/fetch.bs +++ b/fetch.bs @@ -160,35 +160,40 @@ lt="authentication entry">authentication entries (for HTTP authentication).
Tasks that are -queued by this standard are annotated as one -of: +
A fetch params is a struct used in fetching. It has the +following items: -
To queue a fetch task on request -request to run an operation, run these steps: +
To queue a fetch task, given an algorithm algorithm, null or a +global object global, and null or a parallel queue +parallelQueue, run these steps:
If request's client is - null, terminate these steps. - -
Queue a task to - run an operation on request's - client's - responsible event loop using the - networking task source. +
If parallelQueue is non-null, then + enqueue algorithm to + parallelQueue. + +
Otherwise, queue a global task on the networking task source with + global and algorithm.
To queue a fetch-request-done task, given a request, -queue a fetch task on request to process request end-of-body -for request. +
To serialize an integer, represent it as a string of the shortest possible decimal number. @@ -1375,10 +1380,6 @@ to not have to set request's referrer.
This can be used to override a referrer policy associated with an environment settings object. -
A request has an associated -synchronous flag. Unless stated otherwise it is -unset. -
A request has an associated
mode, which is
" To transmit body for a
-request request, run these steps:
+ To transmit request body given a
+fetch params fetchParams, run these steps:
If body is null and fetchParams's
+ process request end-of-body is non-null, then:
+
+ Let processRequestEndOfBody be this step: run fetchParams's
+ process request end-of-body given fetchParams's
+ request.
- If body is null, then queue a fetch task on request to
- process request end-of-body for request and abort these steps.
+ Queue a fetch task given processRequestEndOfBody,
+ fetchParams's global, and fetchParams's
+ algorithm queue.
Let reader be the result of getting a reader for
- body's stream.
+ Otherwise, if body is non-null:
- This operation cannot throw an exception.
+ Let reader be the result of getting a reader for
+ body's stream.
- Perform the transmit-body loop given request, body, and
- reader.
+ This operation cannot throw an exception.
+
+ Perform the transmit-request-body loop given fetchParams,
+ body, and reader.
+ To perform the transmit-body loop given request, body, and
+ To perform the transmit-request-body loop given a fetch params
+fetchParams, body body, and {{ReadableStreamDefaultReader}}
reader:
Let bs be the byte sequence represented by the {{Uint8Array}} object.
+ Let processRequestBody be null.
+
+ If fetchParams's process request body is non-null,
+ then set processRequestBody to this step: run fetchParams's
+ process request body given fetchParams's
+ request.
+
Transmit bs. Whenever one or more bytes are transmitted, increase
- body's transmitted bytes by the number of transmitted bytes and
- queue a fetch task on request to process request body
- for request.
+ Transmit bs. Whenever one or more bytes are transmitted, increase
+ body's transmitted bytes by the number of transmitted bytes and
+ if processRequestBody is non-null then queue a fetch task given
+ processRequestBody, fetchParams's global,
+ and fetchParams's algorithm queue.
+
+ This step blocks until bs is fully transmitted.
- This step blocks until bs is fully transmitted.
+ Let algorithm be this step: perform the transmit-request-body loop
+ given fetchParams, body, and reader.
- If the ongoing fetch is not terminated, then queue a fetch task
- on request to perform the transmit-body loop given request,
- body, and reader.
- If the ongoing fetch is not terminated, then
+ queue a fetch task given algorithm, fetchParams's
+ global, and fetchParams's
+ algorithm queue.
+ If the ongoing fetch is terminated, then abort these steps.
- Queue a fetch task on request to process request end-of-body
- for request.
+ If fetchParams's process request end-of-body is
+ non-null, then:
+
+ Let processRequestEndOfBody be this step: run fetchParams's
+ process request end-of-body given fetchParams's
+ request.
+
+ Queue a fetch task given processRequestEndOfBody,
+ fetchParams's global, and fetchParams's
+ algorithm queue.
+ The algorithm below defines fetching. In broad
- strokes, it takes a request and outputs a
- response.
-
- That is, it either returns a response if
- request's synchronous flag is set, or it
- queues tasks annotated process response,
- process response end-of-body, and process response done for the
- response.
-
- To capture uploads, if request's
- synchronous flag is unset,
- tasks annotated
- process request body and process request end-of-body for the
- request can be
- queued.
- To perform a fetch using request, run
-the steps below. An ongoing fetch can be
+ The algorithm below defines fetching. In broad strokes, it takes
+a request and one or more algorithms to run at various points during the operation. A
+response is passed to the last two algorithms listed below. The first two algorithms
+can be used to capture uploads.
+
+ To fetch, given a request request, an
+optional algorithm
+processRequestBody, an optional
+algorithm
+processRequestEndOfBody,
+an optional algorithm processResponse, an
+optional algorithm
+processResponseEndOfBody,
+and an optional boolean useParallelQueue (default false), run
+the steps below.
+
+ An ongoing fetch can be
terminated with flag aborted,
which is unset unless otherwise specified.
@@ -3225,198 +3263,165 @@ the request.
[[!HTTP-CACHING]]
Run these steps, but abort when the ongoing fetch is terminated:
+ Let algorithmQueue be null.
- If request's body is a byte sequence, then:
+ If useParallelQueue is true, then set algorithmQueue to the result of
+ starting a new parallel queue.
- Let body and ignoreType be the result of
- safely extracting request's body.
+ Let global be null.
- Set request's body to body.
- If request's client is non-null, then set global to
+ request's client's
+ global object.
- If request's window is
- " If request's origin is
- " Let fetchParams be a new fetch params whose
+ request is request,
+ process request body is processRequestBody,
+ process request end-of-body is processRequestEndOfBody,
+ process response is processResponse,
+ process response end-of-body is processResponseEndOfBody,
+ global is global, and
+ algorithm queue is algorithmQueue.
- If request's header list
- does not contain ` Let value be ` If request's body is a byte sequence, then:
- A user agent should set value to the first matching statement, if any, switching
- on request's destination:
-
+ Let body and ignoreType be the result of
+ safely extracting request's body.
- Set request's body to body.
+ If request's window is " If request's origin is " Append
- ` If request's header list
+ does not contain ` If request's header list
- does not contain ` Let value be ` If request's priority is null, then use request's
- initiator and destination appropriately in setting
- request's priority to a user-agent-defined object.
+ A user agent should set value to the first matching statement, if any, switching
+ on request's destination:
+
- The user-agent-defined object could encompass stream weight and dependency
- for HTTP/2, and equivalent information used to prioritize dispatch and processing of
- HTTP/1 fetches.
+ If request is a subresource request, then:
+ Let record be a new
- fetch record consisting of
- request and this instance of the
- fetch algorithm.
-
- Append record to request's
- client's
- fetch group list of
- fetch records.
- Append ` If request's header list
+ does not contain ` If aborted, then:
+ If request's priority is null, then use request's
+ initiator and destination appropriately in setting
+ request's priority to a user-agent-defined object.
- Let aborted be the termination's aborted flag.
+ The user-agent-defined object could encompass stream weight and dependency for
+ HTTP/2, and equivalent information used to prioritize dispatch and processing of HTTP/1 fetches.
- If aborted is set, then return an aborted network error.
+ If request is a subresource request, then:
- Return a network error.
+ Let record be a new fetch record consisting of
+ request and this instance of the fetch algorithm.
+
+ Append record to request's a for=request>client's
+ fetch group list of fetch records.
Return the result of performing a main fetch
- using request.
+ Run main fetch given fetchParams.
To perform a main fetch using request,
-optionally with a recursive flag, run these steps:
-
- When main fetch is invoked recursively
-recursive flag is set.
+ To main fetch, given a fetch params
+fetchParams and an optional boolean recursive (default false), run these
+steps:
Let response be null.
-
- Run these steps, but abort when the ongoing fetch is terminated:
+ Let request be fetchParams's request.
- If request's local-URLs-only flag is set and request's
- current URL is not local, then set response to
- a network error.
-
- Run report Content Security Policy violations for request.
-
- Upgrade request to a potentially secure URL, if appropriate.
- [[!UPGRADE]]
-
- If
- should request be blocked due to a bad port,
- should fetching request be blocked as mixed content,
- or
- should request be blocked by Content Security Policy
- returns blocked, then set response to a network error.
- [[!MIX]]
+ Let response be null.
- If request's referrer policy is the empty string and
- request's client is non-null, then set request's
- referrer policy to request's client's
- referrer policy.
- [[!REFERRER]]
+ If request's local-URLs-only flag is set and request's
+ current URL is not local, then set response to a
+ network error.
- If request's referrer policy
- is the empty string, then set request's
- referrer policy to the default referrer policy.
+ Run report Content Security Policy violations for request.
- If request's referrer
- is not " Upgrade request to a potentially secure URL, if appropriate.
+ [[!UPGRADE]]
- As stated in Referrer Policy, user agents can
- provide the end user with options to override request's
- referrer to " If should request be blocked due to a bad port,
+ should fetching request be blocked as mixed content,
+ or
+ should request be blocked by Content Security Policy
+ returns blocked, then set response to a network error. [[!MIX]]
- Set request's current URL's scheme to
- " If request's referrer policy is the empty string and
+ request's client is non-null, then set request's
+ referrer policy to request's client's
+ referrer policy. [[!REFERRER]]
- If request's referrer policy is the empty string, then set
+ request's referrer policy to the
+ default referrer policy.
- If aborted, then:
+ If request's referrer is not " Let aborted be the termination's aborted flag.
+ As stated in Referrer Policy, user agents can provide the end user with
+ options to override request's referrer to " If aborted is set, then return an aborted network error.
+ Set request's current URL's scheme to
+ " Return a network error.
- If request's synchronous flag is unset and
- recursive flag is unset, run the remaining steps
- in parallel.
+ If recursive is false, then run the remaining steps in parallel.
If response is null, then set response to the result of running the steps
@@ -3436,8 +3441,7 @@ optionally with a recursive flag, run these steps:
Set request's
response tainting to " Return the result of performing a scheme fetch
- using request.
+ Return the result of running scheme fetch given fetchParams.
HTML assigns any documents and workers created from URLs
@@ -3462,8 +3466,8 @@ optionally with a recursive flag, run these steps:
response tainting to
" Let noCorsResponse be the result of performing a scheme fetch using
- request.
+ Let noCorsResponse be the result of running scheme fetch given
+ fetchParams.
If noCorsResponse is a filtered response or the CORB check with
@@ -3495,8 +3499,8 @@ optionally with a recursive flag, run these steps:
response tainting to
" Let corsWithPreflightResponse be the result of performing an
- HTTP fetch using request with the CORS-preflight flag set.
+ Let corsWithPreflightResponse be the result of running HTTP fetch
+ given fetchParams and true.
If corsWithPreflightResponse is a network error, then
clear cache entries using request.
@@ -3511,11 +3515,11 @@ optionally with a recursive flag, run these steps:
response tainting to
" Return the result of performing an HTTP fetch using request.
+ Return the result of running HTTP fetch given fetchParams.
If the recursive flag is set, return response.
+ If recursive is true, then return response.
If response is not a network error and response is not a
@@ -3644,47 +3648,42 @@ optionally with a recursive flag, run these steps:
internalResponse. That would allow an attacker to use hashes as an oracle.
If request's synchronous flag is set,
- wait for internalResponse's
- body, and then return response.
-
- This terminates fetch.
-
- If request's current URL's scheme is an
- HTTP(S) scheme, then:
+ If fetchParams's process response is non-null, then:
If request's body is
- done, queue a fetch-request-done task for
- request.
+ Let processResponse be this step: run fetchParams's
+ process response given response.
- Otherwise, in parallel,
- wait for request's
- body, and then
- queue a fetch-request-done task for request.
+ Queue a fetch task given processResponse, fetchParams's
+ global, and fetchParams's
+ algorithm queue.
Queue a fetch task on request to
- process response for response.
-
Queue a fetch task on request to
- process response end-of-body for response.
+ Let doneAlgorithm be these steps:
+
+ Set request's done flag.
- Set request's done flag.
+ If fetchParams's process response end-of-body is
+ non-null, then run fetchParams's
+ process response end-of-body given response.
+ Queue a fetch task on request to process response done
- for response.
+ Queue a fetch task given doneAlgorithm, fetchParams's
+ global, and fetchParams's
+ algorithm queue.
To perform a scheme fetch using
-request, switch on request's current URL's
+ To scheme fetch, given a
+fetch params fetchParams: let request be fetchParams's
+request, switch on request's current URL's
scheme, and run the associated steps:
Return the result of performing an HTTP fetch
- using request.
+ Return the result of running HTTP fetch given fetchParams.
Return a network error.
@@ -3791,13 +3789,14 @@ optionally with a recursive flag, run these steps:
To perform an HTTP fetch using request with an
-optional CORS-preflight flag, run these steps:
-
- The CORS-preflight flag bookkeeping detail indicates a
-CORS-preflight request is needed.
+ To HTTP fetch, given a fetch params
+fetchParams and an optional boolean makeCORSPreflight (default false), run
+these steps:
+
Let request be fetchParams's request.
+
Let response be null.
Let actualResponse be null.
@@ -3813,7 +3812,7 @@ optional CORS-preflight flag, run these steps:
If response is not null, then:
Transmit body for request.
+ Transmit request body given fetchParams.
Set actualResponse to response, if response is not a
filtered response, and to response's
@@ -3847,7 +3846,7 @@ optional CORS-preflight flag, run these steps:
If the CORS-preflight flag is set and one of these conditions is true:
+ If makeCORSPreflight is true and one of these conditions is true:
There is no method cache entry match for request's
@@ -3863,8 +3862,8 @@ optional CORS-preflight flag, run these steps:
Then:
Let preflightResponse be the result of performing a
- CORS-preflight fetch using request.
+ Let preflightResponse be the result of running CORS-preflight fetch
+ given request.
If preflightResponse is a network error, then return
preflightResponse.
@@ -3885,8 +3884,8 @@ optional CORS-preflight flag, run these steps:
Redirects coming from the network (as opposed to from a service
worker) are not to be exposed to a service worker.
- Set response and actualResponse to the result of performing an
- HTTP-network-or-cache fetch using request.
+ Set response and actualResponse to the result of running
+ HTTP-network-or-cache fetch given fetchParams.
If request's response tainting is " Set response to the result of performing HTTP-redirect fetch using
- request and response.
+ Set response to the result of running HTTP-redirect fetch given
+ fetchParams and response.
This algorithm is used by HTML's navigate algorithm in addition to
-HTTP fetch above. [[!HTML]]
-
- To perform an HTTP-redirect fetch using
-request and response, run these steps:
+ To HTTP-redirect fetch, given a
+fetch params fetchParams and a response response,
+run these steps:
Let request be fetchParams's request.
+
Let actualResponse be response, if response is not a
filtered response, and response's
internal response otherwise.
@@ -4035,30 +4034,58 @@ optional CORS-preflight flag, run these steps:
actualResponse. [[!REFERRER]]
Return the result of performing a main fetch using request with
- recursive flag set if request's redirect mode is not
- " Let recursive be true if request's redirect mode is
+ not " It can only be " This has to invoke main fetch to
- get response tainting correct.
+ Return the result of running main fetch given fetchParams and
+ recursive.
+
+ This has to invoke main fetch to get
+ response tainting correct.
To perform an
-HTTP-network-or-cache fetch using
-request with an optional authentication-fetch flag, run these steps:
+ This algorithm is used by HTML's navigate algorithm. [[!HTML]]
- The authentication-fetch flag is a bookkeeping detail.
+ To navigate-redirect fetch, given a
+request request, response response, and algorithm
+processResponse, run these steps:
+
+
+ Assert: request's redirect mode is " Let fetchParams be a new fetch params whose
+ request is request and
+ process response is processResponse.
+
+ Run HTTP-redirect fetch given fetchParams and response.
+
+ Some implementations might support caching of partial content, as per HTTP
-Range Requests. [[HTTP-RANGE]] However, this is not widely supported by browser caches.
+ To HTTP-network-or-cache fetch, given a
+fetch params fetchParams and an optional boolean
+isAuthenticationFetch (default false), run these steps:
+
+ Some implementations might support caching of partial content, as per
+HTTP Range Requests. However, this is not widely supported by browser caches.
+[[HTTP-RANGE]]
Let request be fetchParams's request.
+
+ Let httpFetchParams be null.
+
Let httpRequest be null.
Let response be null.
@@ -4075,7 +4102,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
If request's window is " Otherwise:
@@ -4091,6 +4119,11 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
If body is non-null, then set request's body to
a new body whose stream is null and whose source
is body's source.
+
+ Set httpFetchParams to a copy of fetchParams.
+
+ Set httpFetchParams's request to
+ httpRequest.
request is copied as httpRequest here as we
@@ -4101,7 +4134,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
null, redirects and authentication will end up failing the fetch.
Let credentials flag be set if one of
+ Let includeCredentials be true if one of
is true, and unset otherwise.
+ is true; otherwise false.
Let contentLengthValue be null.
@@ -4251,7 +4284,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
HTTP header layer division for more details.
If credentials flag is set, then:
+ If includeCredentials is true, then:
Otherwise, if httpRequest's current URL does
- include credentials and authentication-fetch flag is set, set
+ include credentials and isAuthenticationFetch is true, set
authorizationValue to httpRequest's current URL,
converted to an ` In parallel, perform main fetch using
- revalidateRequest.
+ In parallel, run main fetch given a new fetch params whose
+ request is revalidateRequest.
This fetch is only meant to update the state of httpCache
and the response will be unused until another cache access. The stale response will be used
@@ -4412,8 +4445,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
If httpRequest's cache mode is
" Let forwardResponse be the result of making an HTTP-network fetch using
- httpRequest with credentials flag if set.
+ Let forwardResponse be the result of running HTTP-network fetch given
+ httpFetchParams and includeCredentials.
If httpRequest's method is
unsafe and
@@ -4463,8 +4496,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
If response's status is 401, httpRequest's
- response tainting is not " If request's use-URL-credentials flag is unset or
- authentication-fetch flag is set, then:
+ isAuthenticationFetch is true, then:
Set response to the result of performing an
- HTTP-network-or-cache fetch using
- request with authentication-fetch flag set.
+ Set response to the result of running HTTP-network-or-cache fetch given
+ fetchParams and true.
Remaining details surrounding proxy authentication are defined by HTTP.
- Set response to the result of performing an HTTP-network-or-cache fetch
- using request.
+ Set response to the result of running HTTP-network-or-cache fetch given
+ fetchParams.
If authentication-fetch flag is set, then create an authentication entry
- for request and the given realm.
+ If isAuthenticationFetch is true, then create an authentication entry for
+ request and the given realm.
Return response. Typically
response's body's
@@ -4558,11 +4590,12 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
To perform an HTTP-network fetch using
-request with an optional credentials flag, run these steps:
+ To HTTP-network fetch, given a fetch params
+fetchParams and an optional boolean includeCredentials (default false), run
+these steps:
Let credentials be true if credentials flag is set, and false otherwise.
+ Let request be fetchParams's request.
Let response be null.
@@ -4588,7 +4621,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
Let connection be the result of
obtaining a connection, given networkPartitionKey,
request's current URL's origin, and
- credentials.
+ includeCredentials.
@@ -4641,7 +4674,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
Otherwise, return a network error.
Transmit body for request.
+ Transmit request body given fetchParams.
+
If credentials flag is set and the user agent is not configured to block cookies for
- request (see section 7 of
- [[!COOKIES]]), then run the "set-cookie-string" parsing algorithm (see section 5.2 of [[!COOKIES]]) on the value of each header whose name is a
- byte-case-insensitive match for ` If includeCredentials is true and the user agent is not configured to block
+ cookies for request (see
+ section 7 of [[!COOKIES]]), then run
+ the "set-cookie-string" parsing algorithm (see
+ section 5.2 of [[!COOKIES]]) on the
+ value of each header whose name is a
+ byte-case-insensitive match for ` This is a fingerprinting vector.
@@ -4756,9 +4792,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
If stream doesn't need more data and
- request's synchronous flag is unset, ask the user agent to
- suspend the ongoing fetch.
+ If stream doesn't need more data ask the user
+ agent to suspend the ongoing fetch.
Otherwise, if the bytes transmission for response's message body is done
@@ -4816,8 +4851,8 @@ the CORS protocol is understood. The so-called CORS-preflight request<
successful it populates the CORS-preflight cache to minimize the
number of these fetches.
- To perform a CORS-preflight fetch using request,
-run these steps:
+ To CORS-preflight fetch, given a request
+request, run these steps:
This intentionally does not use combine, as 0x20 following
0x2C is not the way this was implemented, for better or worse.
- Let response be the result of performing an HTTP-network-or-cache fetch
- using preflight.
+ Let response be the result of running HTTP-network-or-cache fetch given
+ a new fetch params whose request is preflight.
If a CORS check for request and response returns success and
@@ -6690,9 +6725,8 @@ method steps are:
Fetch request.
-
- To process response for response, run these substeps:
+ Fetch request with processResponse given
+ response being these substeps:
If locallyAborted is true, terminate these substeps.
@@ -6861,7 +6895,6 @@ therefore not shareable, a WebSocket connection is very close to identical to an
client is client,
service-workers mode is " Let response be the result of fetching
- request.
-
- If response is a network error or its status is not
- 101, fail the WebSocket connection.
-
If protocols is not the empty list and extracting header list values given
- ` Fetch request with useParallelQueue
+ set to true, and processResponse given response being these
+ steps:
- This is different from the check on this header defined by The WebSocket Protocol.
- That only covers a subprotocol not requested by the client. This covers a subprotocol requested by
- the client, but not acknowledged by the server.
+ If response is a network error or its status is not
+ 101, fail the WebSocket connection.
- Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
- section 4.1 of The WebSocket Protocol
- to validate response. This either results in fail the WebSocket connection
- or the WebSocket connection is established.
+ If protocols is not the empty list and extracting header list values given
+ ` This is different from the check on this header defined by The WebSocket Protocol.
+ That only covers a subprotocol not requested by the client. This covers a subprotocol requested
+ by the client, but not acknowledged by the server.
+
+ Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
+ section 4.1 of The WebSocket Protocol
+ to validate response. This either results in fail the WebSocket connection
+ or the WebSocket connection is established.
+ Fail the WebSocket connection and the WebSocket connection is established
same-origin
", "cors
", "no-cors
",
@@ -1654,26 +1655,43 @@ is to return the result of serializing a request origin with request
-
-
+
-
+
@@ -1691,21 +1709,34 @@ is to return the result of serializing a request origin with request
-
+
+
Fetching
-
-
-
-
-
+ client
", set request's
- window to request's
- client, if request's
- client's
- global object is a
- {{Window}} object, and to "no-window
"
- otherwise.
-
- client
", set request's
- origin to request's
- client's origin.
+ Accept
`, then:
-
-
-
+ */*
`.
+
+
-
-
document
"
- frame
"
- iframe
"
- text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
`
+ image
"
- image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
`
+ client
", then set
+ request's window to request's client,
+ if request's client's
+ global object is a {{Window}} object; otherwise
+ "no-window
".
- style
"
- text/css,*/*;q=0.1
`
-
+ client
", then set
+ request's origin to request's client's
+ origin.
- Accept
`/value to request's
- header list.
- Accept
`, then:
- Accept-Language
`, user agents should
- append
- `Accept-Language
`/an appropriate value
- to request's header list.
+
+
+ */*
`.
+
+
+ document
"
+ frame
"
+ iframe
"
+ text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
`
- image
"
+ image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
`
-
-
+ style
"
+ text/css,*/*;q=0.1
`
+ Accept
`/value to
+ request's header list.
Accept-Language
`, then user agents should
+ append `Accept-Language
`/an appropriate
+ value to request's header list.
+
-
+
- Main fetch
-
-
-
+ no-referrer
", set request's
- referrer to the result of invoking
- determine request's referrer.
- [[!REFERRER]]
+ no-referrer
" or
- have it expose less sensitive information.
+ https
" if all of the following conditions are true:
+
-
-
- http
"
- includeSubDomains
directive
- or a congruent match (with or without an asserted includeSubDomains
directive).
- [[!HSTS]]
- no-referrer
", then set
+ request's referrer to the result of invoking
+ determine request's referrer. [[!REFERRER]]
-
-
+ no-referrer
"
+ or have it expose less sensitive information.
- https
" if all of the following conditions are true:
-
+
+
- http
"
+ includeSubDomains
directive
+ or a congruent match (with or without an asserted includeSubDomains
directive).
+ [[!HSTS]]
+ basic
".
- opaque
".
- cors
".
- cors
".
-
-
-
+
- Scheme fetch
-
@@ -3781,8 +3780,7 @@ optionally with a recursive flag, run these steps:
@@ -3952,13 +3951,13 @@ optional CORS-preflight flag, run these steps:
HTTP fetch
-
+
-
-
cors
" and a
@@ -3938,8 +3937,8 @@ optional CORS-preflight flag, run these steps:
internal response is actualResponse.
follow
"
- HTTP-redirect fetch
-
+
-manual
".
+ manual
"; otherwise false.
manual
" here when this algorithm is invoked directly
from HTML's navigate algorithm.
- HTTP-network-or-cache fetch
+Navigate-redirect fetch
-
+
+
+
+manual
".
+
+ HTTP-network-or-cache fetch
-
+
no-window
" and
request's redirect mode is "error
", then set
- httpRequest to request.
+ httpFetchParams to fetchParams and httpRequest to
+ request.
- basic
"
- Authorization
` value.
@@ -4349,8 +4382,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
"none
".
only-if-cached
", then return a network error.
- cors
", the credentials flag is
- set, and request's window is an environment settings object,
+ response tainting is not "cors
", includeCredentials is
+ true, and request's window is an environment settings object,
then:
@@ -4485,7 +4518,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
- HTTP-network fetch
-
-
- Set-Cookie
` in response's header list, if any, and request's current URL.
+ Set-Cookie
` in response's
+ header list, if any, and request's
+ current URL.
none
",
referrer is "no-referrer
",
- synchronous flag is set,
mode is "websocket
",
credentials mode is
"include
",
@@ -6908,25 +6941,29 @@ therefore not shareable, a WebSocket connection is very close to identical to an
`Sec-WebSocket-Extensions
`/permessageDeflate
to request's header list.
- Sec-WebSocket-Protocol
` and response's header list
- results in null, failure, or the empty byte sequence, then fail the WebSocket connection.
+
+
Sec-WebSocket-Protocol
` and response's header list
+ results in null, failure, or the empty byte sequence, then fail the WebSocket connection.
+
+