diff --git a/fetch.bs b/fetch.bs index 90ef40c04..621844093 100644 --- a/fetch.bs +++ b/fetch.bs @@ -160,35 +160,40 @@ lt="authentication entry">authentication entries (for HTTP authentication).
-

Tasks that are -queued by this standard are annotated as one -of: +

A fetch params is a struct used in fetching. It has the +following items: -

+
+
request +
A request. -

To queue a fetch task on request -request to run an operation, run these steps: +

process request body (default null) +
process request end-of-body (default null) +
process response (default null) +
process response end-of-body (default null) +
Null or an algorithm. + +
global (default null) +
Null or a global object. + +
algorithm queue (default null) +
Null or a parallel queue. +
+ +

To queue a fetch task, given an algorithm algorithm, null or a +global object global, and null or a parallel queue +parallelQueue, run these steps:

    -
  1. If request's client is - null, terminate these steps. - -

  2. Queue a task to - run an operation on request's - client's - responsible event loop using the - networking task source. +

  3. If parallelQueue is non-null, then + enqueue algorithm to + parallelQueue. + +

  4. Otherwise, queue a global task on the networking task source with + global and algorithm.

-

To queue a fetch-request-done task, given a request, -queue a fetch task on request to process request end-of-body -for request. +


To serialize an integer, represent it as a string of the shortest possible decimal number. @@ -1375,10 +1380,6 @@ to not have to set request's referrer.

This can be used to override a referrer policy associated with an environment settings object. -

A request has an associated -synchronous flag. Unless stated otherwise it is -unset. -

A request has an associated mode, which is "same-origin", "cors", "no-cors", @@ -1654,26 +1655,43 @@ is to return the result of serializing a request origin with request


-

To transmit body for a -request request, run these steps: +

To transmit request body given a +fetch params fetchParams, run these steps:

    -
  1. Let body be request's body. +
  2. Let body be fetchParams's request's + body. + +
  3. +

    If body is null and fetchParams's + process request end-of-body is non-null, then: + +

      +
    1. Let processRequestEndOfBody be this step: run fetchParams's + process request end-of-body given fetchParams's + request. -

    2. If body is null, then queue a fetch task on request to - process request end-of-body for request and abort these steps. +

    3. Queue a fetch task given processRequestEndOfBody, + fetchParams's global, and fetchParams's + algorithm queue.

    4. -

      Let reader be the result of getting a reader for - body's stream. +

      Otherwise, if body is non-null: -

      This operation cannot throw an exception. +

        +
      1. +

        Let reader be the result of getting a reader for + body's stream. -

      2. Perform the transmit-body loop given request, body, and - reader. +

        This operation cannot throw an exception. + +

      3. Perform the transmit-request-body loop given fetchParams, + body, and reader. +

    -

    To perform the transmit-body loop given request, body, and +

    To perform the transmit-request-body loop given a fetch params +fetchParams, body body, and {{ReadableStreamDefaultReader}} reader:

      @@ -1691,21 +1709,34 @@ is to return the result of serializing a request origin with request
    1. Let bs be the byte sequence represented by the {{Uint8Array}} object. +

    2. Let processRequestBody be null. + +

    3. If fetchParams's process request body is non-null, + then set processRequestBody to this step: run fetchParams's + process request body given fetchParams's + request. +

    4. In parallel:

        -
      1. Transmit bs. Whenever one or more bytes are transmitted, increase - body's transmitted bytes by the number of transmitted bytes and - queue a fetch task on request to process request body - for request. +

      2. +

        Transmit bs. Whenever one or more bytes are transmitted, increase + body's transmitted bytes by the number of transmitted bytes and + if processRequestBody is non-null then queue a fetch task given + processRequestBody, fetchParams's global, + and fetchParams's algorithm queue. + +

        This step blocks until bs is fully transmitted. -

        This step blocks until bs is fully transmitted. +

      3. Let algorithm be this step: perform the transmit-request-body loop + given fetchParams, body, and reader. -

      4. If the ongoing fetch is not terminated, then queue a fetch task - on request to perform the transmit-body loop given request, - body, and reader. -

      +
    5. If the ongoing fetch is not terminated, then + queue a fetch task given algorithm, fetchParams's + global, and fetchParams's + algorithm queue. +

close steps @@ -1713,8 +1744,19 @@ is to return the result of serializing a request origin with request
  1. If the ongoing fetch is terminated, then abort these steps. -

  2. Queue a fetch task on request to process request end-of-body - for request. +

  3. +

    If fetchParams's process request end-of-body is + non-null, then: + +

      +
    1. Let processRequestEndOfBody be this step: run fetchParams's + process request end-of-body given fetchParams's + request. + +

    2. Queue a fetch task given processRequestEndOfBody, + fetchParams's global, and fetchParams's + algorithm queue. +

error steps, given e @@ -3188,27 +3230,23 @@ run these steps:

Fetching

-
-

The algorithm below defines fetching. In broad - strokes, it takes a request and outputs a - response. - -

That is, it either returns a response if - request's synchronous flag is set, or it - queues tasks annotated process response, - process response end-of-body, and process response done for the - response. - -

To capture uploads, if request's - synchronous flag is unset, - tasks annotated - process request body and process request end-of-body for the - request can be - queued. -

- -

To perform a fetch using request, run -the steps below. An ongoing fetch can be +

The algorithm below defines fetching. In broad strokes, it takes +a request and one or more algorithms to run at various points during the operation. A +response is passed to the last two algorithms listed below. The first two algorithms +can be used to capture uploads. + +

To fetch, given a request request, an +optional algorithm +processRequestBody, an optional +algorithm +processRequestEndOfBody, +an optional algorithm processResponse, an +optional algorithm +processResponseEndOfBody, +and an optional boolean useParallelQueue (default false), run +the steps below. + +

An ongoing fetch can be terminated with flag aborted, which is unset unless otherwise specified. @@ -3225,198 +3263,165 @@ the request. [[!HTTP-CACHING]]

    -
  1. -

    Run these steps, but abort when the ongoing fetch is terminated: +

  2. Let algorithmQueue be null. -

      -
    1. -

      If request's body is a byte sequence, then: +

    2. If useParallelQueue is true, then set algorithmQueue to the result of + starting a new parallel queue. -

        -
      1. Let body and ignoreType be the result of - safely extracting request's body. +

      2. Let global be null. -

      3. Set request's body to body. -

      +
    3. If request's client is non-null, then set global to + request's client's + global object. -

    4. If request's window is - "client", set request's - window to request's - client, if request's - client's - global object is a - {{Window}} object, and to "no-window" - otherwise. - -

    5. If request's origin is - "client", set request's - origin to request's - client's origin. +

    6. Let fetchParams be a new fetch params whose + request is request, + process request body is processRequestBody, + process request end-of-body is processRequestEndOfBody, + process response is processResponse, + process response end-of-body is processResponseEndOfBody, + global is global, and + algorithm queue is algorithmQueue. -

    7. -

      If request's header list - does not contain `Accept`, then: - -

        -
      1. Let value be `*/*`. +

      2. +

        If request's body is a byte sequence, then: -

      3. -

        A user agent should set value to the first matching statement, if any, switching - on request's destination: - +

          +
        1. Let body and ignoreType be the result of + safely extracting request's body. -

          -
          "document" -
          "frame" -
          "iframe" -
          `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` +
        2. Set request's body to body. +

        -
        "image" -
        `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5` +
      4. If request's window is "client", then set + request's window to request's client, + if request's client's + global object is a {{Window}} object; otherwise + "no-window". -

        "style" -
        `text/css,*/*;q=0.1` - +
      5. If request's origin is "client", then set + request's origin to request's client's + origin. -

      6. Append - `Accept`/value to request's - header list. -

      +
    8. +

      If request's header list + does not contain `Accept`, then: -

    9. If request's header list - does not contain `Accept-Language`, user agents should - append - `Accept-Language`/an appropriate value - to request's header list. +

        +
      1. Let value be `*/*`.

      2. -

        If request's priority is null, then use request's - initiator and destination appropriately in setting - request's priority to a user-agent-defined object. +

        A user agent should set value to the first matching statement, if any, switching + on request's destination: + -

        The user-agent-defined object could encompass stream weight and dependency - for HTTP/2, and equivalent information used to prioritize dispatch and processing of - HTTP/1 fetches. +

        +
        "document" +
        "frame" +
        "iframe" +
        `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` -
      3. -

        If request is a subresource request, then: +

        "image" +
        `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5` -
          -
        1. Let record be a new - fetch record consisting of - request and this instance of the - fetch algorithm. - -

        2. Append record to request's - client's - fetch group list of - fetch records. -

        +
        "style" +
        `text/css,*/*;q=0.1` +
      4. + +
      5. Append `Accept`/value to + request's header list.

      +
    10. If request's header list + does not contain `Accept-Language`, then user agents should + append `Accept-Language`/an appropriate + value to request's header list. +

    11. -

      If aborted, then: +

      If request's priority is null, then use request's + initiator and destination appropriately in setting + request's priority to a user-agent-defined object. -

        -
      1. Let aborted be the termination's aborted flag. +

        The user-agent-defined object could encompass stream weight and dependency for + HTTP/2, and equivalent information used to prioritize dispatch and processing of HTTP/1 fetches. -

      2. If aborted is set, then return an aborted network error. +

      3. +

        If request is a subresource request, then: -

      4. Return a network error. +

          +
        1. Let record be a new fetch record consisting of + request and this instance of the fetch algorithm. + +

        2. Append record to request's a for=request>client's + fetch group list of fetch records.

        -
      5. Return the result of performing a main fetch - using request. +

      6. Run main fetch given fetchParams.

      Main fetch

      -

      To perform a main fetch using request, -optionally with a recursive flag, run these steps: - -

      When main fetch is invoked recursively -recursive flag is set. +

      To main fetch, given a fetch params +fetchParams and an optional boolean recursive (default false), run these +steps:

        -
      1. Let response be null. - -

      2. -

        Run these steps, but abort when the ongoing fetch is terminated: +

      3. Let request be fetchParams's request. -

          -
        1. If request's local-URLs-only flag is set and request's - current URL is not local, then set response to - a network error. - -

        2. Run report Content Security Policy violations for request. - -

        3. Upgrade request to a potentially secure URL, if appropriate. - [[!UPGRADE]] - -

        4. If - should request be blocked due to a bad port, - should fetching request be blocked as mixed content, - or - should request be blocked by Content Security Policy - returns blocked, then set response to a network error. - [[!MIX]] +

        5. Let response be null. -

        6. If request's referrer policy is the empty string and - request's client is non-null, then set request's - referrer policy to request's client's - referrer policy. - [[!REFERRER]] +

        7. If request's local-URLs-only flag is set and request's + current URL is not local, then set response to a + network error. -

        8. -

          If request's referrer policy - is the empty string, then set request's - referrer policy to the default referrer policy. +

        9. Run report Content Security Policy violations for request. -

        10. -

          If request's referrer - is not "no-referrer", set request's - referrer to the result of invoking - determine request's referrer. - [[!REFERRER]] +

        11. Upgrade request to a potentially secure URL, if appropriate. + [[!UPGRADE]] -

          As stated in Referrer Policy, user agents can - provide the end user with options to override request's - referrer to "no-referrer" or - have it expose less sensitive information. +

        12. If should request be blocked due to a bad port, + should fetching request be blocked as mixed content, + or + should request be blocked by Content Security Policy + returns blocked, then set response to a network error. [[!MIX]] -

        13. -

          Set request's current URL's scheme to - "https" if all of the following conditions are true: +

        14. If request's referrer policy is the empty string and + request's client is non-null, then set request's + referrer policy to request's client's + referrer policy. [[!REFERRER]] -

          - -
        +
      4. If request's referrer policy is the empty string, then set + request's referrer policy to the + default referrer policy. -

      5. -

        If aborted, then: +

      6. +

        If request's referrer is not "no-referrer", then set + request's referrer to the result of invoking + determine request's referrer. [[!REFERRER]] -

          -
        1. Let aborted be the termination's aborted flag. +

          As stated in Referrer Policy, user agents can provide the end user with + options to override request's referrer to "no-referrer" + or have it expose less sensitive information. -

        2. If aborted is set, then return an aborted network error. +

        3. +

          Set request's current URL's scheme to + "https" if all of the following conditions are true: -

        4. Return a network error. -

        + + -
      7. If request's synchronous flag is unset and - recursive flag is unset, run the remaining steps - in parallel. +

      8. If recursive is false, then run the remaining steps in parallel.

      9. If response is null, then set response to the result of running the steps @@ -3436,8 +3441,7 @@ optionally with a recursive flag, run these steps:

      10. Set request's response tainting to "basic". -

      11. Return the result of performing a scheme fetch - using request. +

      12. Return the result of running scheme fetch given fetchParams.

      HTML assigns any documents and workers created from URLs @@ -3462,8 +3466,8 @@ optionally with a recursive flag, run these steps: response tainting to "opaque". -

    12. Let noCorsResponse be the result of performing a scheme fetch using - request. +

    13. Let noCorsResponse be the result of running scheme fetch given + fetchParams.

    14. If noCorsResponse is a filtered response or the CORB check with @@ -3495,8 +3499,8 @@ optionally with a recursive flag, run these steps: response tainting to "cors". -

    15. Let corsWithPreflightResponse be the result of performing an - HTTP fetch using request with the CORS-preflight flag set. +

    16. Let corsWithPreflightResponse be the result of running HTTP fetch + given fetchParams and true.

    17. If corsWithPreflightResponse is a network error, then clear cache entries using request. @@ -3511,11 +3515,11 @@ optionally with a recursive flag, run these steps: response tainting to "cors". -

    18. Return the result of performing an HTTP fetch using request. +

    19. Return the result of running HTTP fetch given fetchParams.

    -
  3. If the recursive flag is set, return response. +

  4. If recursive is true, then return response.

  5. If response is not a network error and response is not a @@ -3644,47 +3648,42 @@ optionally with a recursive flag, run these steps: internalResponse. That would allow an attacker to use hashes as an oracle.

  6. -

    If request's synchronous flag is set, - wait for internalResponse's - body, and then return response. - -

    This terminates fetch. - -

  7. -

    If request's current URL's scheme is an - HTTP(S) scheme, then: +

    If fetchParams's process response is non-null, then:

      -
    1. If request's body is - done, queue a fetch-request-done task for - request. +

    2. Let processResponse be this step: run fetchParams's + process response given response. -

    3. Otherwise, in parallel, - wait for request's - body, and then - queue a fetch-request-done task for request. +

    4. Queue a fetch task given processResponse, fetchParams's + global, and fetchParams's + algorithm queue.

    -
  8. Queue a fetch task on request to - process response for response. -

  9. Wait for internalResponse's body. -

  10. Queue a fetch task on request to - process response end-of-body for response. +

  11. +

    Let doneAlgorithm be these steps: + +

      +
    1. Set request's done flag. -

    2. Set request's done flag. +

    3. If fetchParams's process response end-of-body is + non-null, then run fetchParams's + process response end-of-body given response. +

    -
  12. Queue a fetch task on request to process response done - for response. +

  13. Queue a fetch task given doneAlgorithm, fetchParams's + global, and fetchParams's + algorithm queue.

Scheme fetch

-

To perform a scheme fetch using -request, switch on request's current URL's +

To scheme fetch, given a +fetch params fetchParams: let request be fetchParams's +request, switch on request's current URL's scheme, and run the associated steps:

@@ -3781,8 +3780,7 @@ optionally with a recursive flag, run these steps:
HTTP(S) scheme
-

Return the result of performing an HTTP fetch - using request. +

Return the result of running HTTP fetch given fetchParams.

Otherwise

Return a network error. @@ -3791,13 +3789,14 @@ optionally with a recursive flag, run these steps:

HTTP fetch

-

To perform an HTTP fetch using request with an -optional CORS-preflight flag, run these steps: - -

The CORS-preflight flag bookkeeping detail indicates a -CORS-preflight request is needed. +

To HTTP fetch, given a fetch params +fetchParams and an optional boolean makeCORSPreflight (default false), run +these steps: +

    +
  1. Let request be fetchParams's request. +

  2. Let response be null.

  3. Let actualResponse be null. @@ -3813,7 +3812,7 @@ optional CORS-preflight flag, run these steps:

    If response is not null, then:

      -
    1. Transmit body for request. +

    2. Transmit request body given fetchParams.

    3. Set actualResponse to response, if response is not a filtered response, and to response's @@ -3847,7 +3846,7 @@ optional CORS-preflight flag, run these steps:

      1. -

        If the CORS-preflight flag is set and one of these conditions is true: +

        If makeCORSPreflight is true and one of these conditions is true:

        • There is no method cache entry match for request's @@ -3863,8 +3862,8 @@ optional CORS-preflight flag, run these steps:

          Then:

            -
          1. Let preflightResponse be the result of performing a - CORS-preflight fetch using request. +

          2. Let preflightResponse be the result of running CORS-preflight fetch + given request.

          3. If preflightResponse is a network error, then return preflightResponse. @@ -3885,8 +3884,8 @@ optional CORS-preflight flag, run these steps:

            Redirects coming from the network (as opposed to from a service worker) are not to be exposed to a service worker. -

          4. Set response and actualResponse to the result of performing an - HTTP-network-or-cache fetch using request. +

          5. Set response and actualResponse to the result of running + HTTP-network-or-cache fetch given fetchParams.

          6. If request's response tainting is "cors" and a @@ -3938,8 +3937,8 @@ optional CORS-preflight flag, run these steps: internal response is actualResponse.

            "follow" -

            Set response to the result of performing HTTP-redirect fetch using - request and response. +

            Set response to the result of running HTTP-redirect fetch given + fetchParams and response.

@@ -3952,13 +3951,13 @@ optional CORS-preflight flag, run these steps:

HTTP-redirect fetch

-

This algorithm is used by HTML's navigate algorithm in addition to -HTTP fetch above. [[!HTML]] - -

To perform an HTTP-redirect fetch using -request and response, run these steps: +

To HTTP-redirect fetch, given a +fetch params fetchParams and a response response, +run these steps:

    +
  1. Let request be fetchParams's request. +

  2. Let actualResponse be response, if response is not a filtered response, and response's internal response otherwise. @@ -4035,30 +4034,58 @@ optional CORS-preflight flag, run these steps: actualResponse. [[!REFERRER]]

  3. -

    Return the result of performing a main fetch using request with - recursive flag set if request's redirect mode is not - "manual". +

    Let recursive be true if request's redirect mode is + not "manual"; otherwise false.

    It can only be "manual" here when this algorithm is invoked directly from HTML's navigate algorithm. -

    This has to invoke main fetch to - get response tainting correct. +

  4. +

    Return the result of running main fetch given fetchParams and + recursive. + +

    This has to invoke main fetch to get + response tainting correct.

-

HTTP-network-or-cache fetch

+ -

To perform an -HTTP-network-or-cache fetch using -request with an optional authentication-fetch flag, run these steps: +

This algorithm is used by HTML's navigate algorithm. [[!HTML]] -

The authentication-fetch flag is a bookkeeping detail. +

To navigate-redirect fetch, given a +request request, response response, and algorithm +processResponse, run these steps: + + +

    +
  1. Assert: request's redirect mode is "manual". + +

  2. Let fetchParams be a new fetch params whose + request is request and + process response is processResponse. + +

  3. Run HTTP-redirect fetch given fetchParams and response. + +

+ + +

HTTP-network-or-cache fetch

-

Some implementations might support caching of partial content, as per HTTP -Range Requests. [[HTTP-RANGE]] However, this is not widely supported by browser caches. +

To HTTP-network-or-cache fetch, given a +fetch params fetchParams and an optional boolean +isAuthenticationFetch (default false), run these steps: + +

Some implementations might support caching of partial content, as per +HTTP Range Requests. However, this is not widely supported by browser caches. +[[HTTP-RANGE]]

    +
  1. Let request be fetchParams's request. + +

  2. Let httpFetchParams be null. +

  3. Let httpRequest be null.

  4. Let response be null. @@ -4075,7 +4102,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    1. If request's window is "no-window" and request's redirect mode is "error", then set - httpRequest to request. + httpFetchParams to fetchParams and httpRequest to + request.

    2. Otherwise: @@ -4091,6 +4119,11 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    3. If body is non-null, then set request's body to a new body whose stream is null and whose source is body's source. + +

    4. Set httpFetchParams to a copy of fetchParams. + +

    5. Set httpFetchParams's request to + httpRequest.

    request is copied as httpRequest here as we @@ -4101,7 +4134,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b null, redirects and authentication will end up failing the fetch.

  5. -

    Let credentials flag be set if one of +

    Let includeCredentials be true if one of

    -

    is true, and unset otherwise. +

    is true; otherwise false.

  6. Let contentLengthValue be null. @@ -4251,7 +4284,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b HTTP header layer division for more details.

  7. -

    If credentials flag is set, then: +

    If includeCredentials is true, then:

    1. @@ -4284,7 +4317,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
    2. Otherwise, if httpRequest's current URL does - include credentials and authentication-fetch flag is set, set + include credentials and isAuthenticationFetch is true, set authorizationValue to httpRequest's current URL, converted to an `Authorization` value. @@ -4349,8 +4382,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b "none".

    3. -

      In parallel, perform main fetch using - revalidateRequest. +

      In parallel, run main fetch given a new fetch params whose + request is revalidateRequest.

      This fetch is only meant to update the state of httpCache and the response will be unused until another cache access. The stale response will be used @@ -4412,8 +4445,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    4. If httpRequest's cache mode is "only-if-cached", then return a network error. -

    5. Let forwardResponse be the result of making an HTTP-network fetch using - httpRequest with credentials flag if set. +

    6. Let forwardResponse be the result of running HTTP-network fetch given + httpFetchParams and includeCredentials.

    7. If httpRequest's method is unsafe and @@ -4463,8 +4496,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    8. If response's status is 401, httpRequest's - response tainting is not "cors", the credentials flag is - set, and request's window is an environment settings object, + response tainting is not "cors", includeCredentials is + true, and request's window is an environment settings object, then:

        @@ -4485,7 +4518,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
      1. If request's use-URL-credentials flag is unset or - authentication-fetch flag is set, then: + isAuthenticationFetch is true, then:

        1. @@ -4510,9 +4543,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b password.
        -
      2. Set response to the result of performing an - HTTP-network-or-cache fetch using - request with authentication-fetch flag set. +

      3. Set response to the result of running HTTP-network-or-cache fetch given + fetchParams and true.

    9. @@ -4543,12 +4575,12 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

      Remaining details surrounding proxy authentication are defined by HTTP. -

    10. Set response to the result of performing an HTTP-network-or-cache fetch - using request. +

    11. Set response to the result of running HTTP-network-or-cache fetch given + fetchParams.

    -
  8. If authentication-fetch flag is set, then create an authentication entry - for request and the given realm. +

  9. If isAuthenticationFetch is true, then create an authentication entry for + request and the given realm.

  10. Return response. Typically response's body's @@ -4558,11 +4590,12 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    HTTP-network fetch

    -

    To perform an HTTP-network fetch using -request with an optional credentials flag, run these steps: +

    To HTTP-network fetch, given a fetch params +fetchParams and an optional boolean includeCredentials (default false), run +these steps:

      -
    1. Let credentials be true if credentials flag is set, and false otherwise. +

    2. Let request be fetchParams's request.

    3. Let response be null. @@ -4588,7 +4621,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

      Let connection be the result of obtaining a connection, given networkPartitionKey, request's current URL's origin, and - credentials. + includeCredentials. @@ -4641,7 +4674,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    4. Otherwise, return a network error.

    -

    Transmit body for request. +

    Transmit request body given fetchParams. +

  • @@ -4693,13 +4727,15 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b httpCache for request.
  • -

    If credentials flag is set and the user agent is not configured to block cookies for - request (see section 7 of - [[!COOKIES]]), then run the "set-cookie-string" parsing algorithm (see section 5.2 of [[!COOKIES]]) on the value of each header whose name is a - byte-case-insensitive match for `Set-Cookie` in response's header list, if any, and request's current URL. +

    If includeCredentials is true and the user agent is not configured to block + cookies for request (see + section 7 of [[!COOKIES]]), then run + the "set-cookie-string" parsing algorithm (see + section 5.2 of [[!COOKIES]]) on the + value of each header whose name is a + byte-case-insensitive match for `Set-Cookie` in response's + header list, if any, and request's + current URL.

    This is a fingerprinting vector. @@ -4756,9 +4792,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

  • If stream is errored, then terminate the ongoing fetch. -

  • If stream doesn't need more data and - request's synchronous flag is unset, ask the user agent to - suspend the ongoing fetch. +

  • If stream doesn't need more data ask the user + agent to suspend the ongoing fetch.

  • Otherwise, if the bytes transmission for response's message body is done @@ -4816,8 +4851,8 @@ the CORS protocol is understood. The so-called CORS-preflight request< successful it populates the CORS-preflight cache to minimize the number of these fetches. -

    To perform a CORS-preflight fetch using request, -run these steps: +

    To CORS-preflight fetch, given a request +request, run these steps:

    1. @@ -4863,8 +4898,8 @@ run these steps:

      This intentionally does not use combine, as 0x20 following 0x2C is not the way this was implemented, for better or worse. -

    2. Let response be the result of performing an HTTP-network-or-cache fetch - using preflight. +

    3. Let response be the result of running HTTP-network-or-cache fetch given + a new fetch params whose request is preflight.

    4. If a CORS check for request and response returns success and @@ -6690,9 +6725,8 @@ method steps are:

  • -

    Fetch request. - -

    To process response for response, run these substeps: +

    Fetch request with processResponse given + response being these substeps:

    1. If locallyAborted is true, terminate these substeps. @@ -6861,7 +6895,6 @@ therefore not shareable, a WebSocket connection is very close to identical to an client is client, service-workers mode is "none", referrer is "no-referrer", - synchronous flag is set, mode is "websocket", credentials mode is "include", @@ -6908,25 +6941,29 @@ therefore not shareable, a WebSocket connection is very close to identical to an `Sec-WebSocket-Extensions`/permessageDeflate to request's header list. -

    2. Let response be the result of fetching - request. - -

    3. If response is a network error or its status is not - 101, fail the WebSocket connection. -

    4. -

      If protocols is not the empty list and extracting header list values given - `Sec-WebSocket-Protocol` and response's header list - results in null, failure, or the empty byte sequence, then fail the WebSocket connection. +

      Fetch request with useParallelQueue + set to true, and processResponse given response being these + steps: -

      This is different from the check on this header defined by The WebSocket Protocol. - That only covers a subprotocol not requested by the client. This covers a subprotocol requested by - the client, but not acknowledged by the server. +

        +
      1. If response is a network error or its status is not + 101, fail the WebSocket connection. -

      2. Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in - section 4.1 of The WebSocket Protocol - to validate response. This either results in fail the WebSocket connection - or the WebSocket connection is established. +

      3. +

        If protocols is not the empty list and extracting header list values given + `Sec-WebSocket-Protocol` and response's header list + results in null, failure, or the empty byte sequence, then fail the WebSocket connection. + +

        This is different from the check on this header defined by The WebSocket Protocol. + That only covers a subprotocol not requested by the client. This covers a subprotocol requested + by the client, but not acknowledged by the server. + +

      4. Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in + section 4.1 of The WebSocket Protocol + to validate response. This either results in fail the WebSocket connection + or the WebSocket connection is established. +

    Fail the WebSocket connection and the WebSocket connection is established