From 965b86a57d136254a700ae1ee8197bca0a0967aa Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Tue, 9 Feb 2021 17:23:12 +0100 Subject: [PATCH] Overhaul how standards integrate with fetch This makes some rather big changes: * Requests no longer have a synchronous flag. Blocking a thread is now up to the caller. * Fetch therefore no longer returns a response directly. In parallel callers will need to pass in "callbacks" that are either invoked on a parallel queue or on an event loop. * To hold onto these callbacks as well as some other information a fetch params struct is now passed around the various fetch algorithms. This will allow for cleanup around termination and aborting in the future. Potentially some bookkeeping state from request can move there going forward. * There's a dedicated navigate-redirect fetch algorithm for HTML as the HTTP-redirect fetch algorithm now wants a fetch params instance. * Some allowance for aborting early on in fetch was removed as all that is run synchronously with the code that invoked fetch to begin with. Closes #1164. * Algorithms that needed to be adjusted were changed to use the new Infra patterns for parameters. I also tried to improve naming, e.g., makeCORSPreflight rather than CORS-preflight flag. * "process response done" was removed as it seemed redundant with "response response end-of-body"; possible leftover from trailers. * Removed duplicate task queueing at the end of main fetch for request's body. Fixes #536. --- fetch.bs | 723 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 380 insertions(+), 343 deletions(-) diff --git a/fetch.bs b/fetch.bs index 90ef40c04..621844093 100644 --- a/fetch.bs +++ b/fetch.bs @@ -160,35 +160,40 @@ lt="authentication entry">authentication entries (for HTTP authentication).
-

Tasks that are -queued by this standard are annotated as one -of: +

A fetch params is a struct used in fetching. It has the +following items: -

+
+
request +
A request. -

To queue a fetch task on request -request to run an operation, run these steps: +

process request body (default null) +
process request end-of-body (default null) +
process response (default null) +
process response end-of-body (default null) +
Null or an algorithm. + +
global (default null) +
Null or a global object. + +
algorithm queue (default null) +
Null or a parallel queue. +
+ +

To queue a fetch task, given an algorithm algorithm, null or a +global object global, and null or a parallel queue +parallelQueue, run these steps:

    -
  1. If request's client is - null, terminate these steps. - -

  2. Queue a task to - run an operation on request's - client's - responsible event loop using the - networking task source. +

  3. If parallelQueue is non-null, then + enqueue algorithm to + parallelQueue. + +

  4. Otherwise, queue a global task on the networking task source with + global and algorithm.

-

To queue a fetch-request-done task, given a request, -queue a fetch task on request to process request end-of-body -for request. +


To serialize an integer, represent it as a string of the shortest possible decimal number. @@ -1375,10 +1380,6 @@ to not have to set request's referrer.

This can be used to override a referrer policy associated with an environment settings object. -

A request has an associated -synchronous flag. Unless stated otherwise it is -unset. -

A request has an associated mode, which is "same-origin", "cors", "no-cors", @@ -1654,26 +1655,43 @@ is to return the result of serializing a request origin with request


-

To transmit body for a -request request, run these steps: +

To transmit request body given a +fetch params fetchParams, run these steps:

    -
  1. Let body be request's body. +
  2. Let body be fetchParams's request's + body. + +
  3. +

    If body is null and fetchParams's + process request end-of-body is non-null, then: + +

      +
    1. Let processRequestEndOfBody be this step: run fetchParams's + process request end-of-body given fetchParams's + request. -

    2. If body is null, then queue a fetch task on request to - process request end-of-body for request and abort these steps. +

    3. Queue a fetch task given processRequestEndOfBody, + fetchParams's global, and fetchParams's + algorithm queue.

    4. -

      Let reader be the result of getting a reader for - body's stream. +

      Otherwise, if body is non-null: -

      This operation cannot throw an exception. +

        +
      1. +

        Let reader be the result of getting a reader for + body's stream. -

      2. Perform the transmit-body loop given request, body, and - reader. +

        This operation cannot throw an exception. + +

      3. Perform the transmit-request-body loop given fetchParams, + body, and reader. +

    -

    To perform the transmit-body loop given request, body, and +

    To perform the transmit-request-body loop given a fetch params +fetchParams, body body, and {{ReadableStreamDefaultReader}} reader:

      @@ -1691,21 +1709,34 @@ is to return the result of serializing a request origin with request
    1. Let bs be the byte sequence represented by the {{Uint8Array}} object. +

    2. Let processRequestBody be null. + +

    3. If fetchParams's process request body is non-null, + then set processRequestBody to this step: run fetchParams's + process request body given fetchParams's + request. +

    4. In parallel:

        -
      1. Transmit bs. Whenever one or more bytes are transmitted, increase - body's transmitted bytes by the number of transmitted bytes and - queue a fetch task on request to process request body - for request. +

      2. +

        Transmit bs. Whenever one or more bytes are transmitted, increase + body's transmitted bytes by the number of transmitted bytes and + if processRequestBody is non-null then queue a fetch task given + processRequestBody, fetchParams's global, + and fetchParams's algorithm queue. + +

        This step blocks until bs is fully transmitted. -

        This step blocks until bs is fully transmitted. +

      3. Let algorithm be this step: perform the transmit-request-body loop + given fetchParams, body, and reader. -

      4. If the ongoing fetch is not terminated, then queue a fetch task - on request to perform the transmit-body loop given request, - body, and reader. -

      +
    5. If the ongoing fetch is not terminated, then + queue a fetch task given algorithm, fetchParams's + global, and fetchParams's + algorithm queue. +

close steps @@ -1713,8 +1744,19 @@ is to return the result of serializing a request origin with request
  1. If the ongoing fetch is terminated, then abort these steps. -

  2. Queue a fetch task on request to process request end-of-body - for request. +

  3. +

    If fetchParams's process request end-of-body is + non-null, then: + +

      +
    1. Let processRequestEndOfBody be this step: run fetchParams's + process request end-of-body given fetchParams's + request. + +

    2. Queue a fetch task given processRequestEndOfBody, + fetchParams's global, and fetchParams's + algorithm queue. +

error steps, given e @@ -3188,27 +3230,23 @@ run these steps:

Fetching

-
-

The algorithm below defines fetching. In broad - strokes, it takes a request and outputs a - response. - -

That is, it either returns a response if - request's synchronous flag is set, or it - queues tasks annotated process response, - process response end-of-body, and process response done for the - response. - -

To capture uploads, if request's - synchronous flag is unset, - tasks annotated - process request body and process request end-of-body for the - request can be - queued. -

- -

To perform a fetch using request, run -the steps below. An ongoing fetch can be +

The algorithm below defines fetching. In broad strokes, it takes +a request and one or more algorithms to run at various points during the operation. A +response is passed to the last two algorithms listed below. The first two algorithms +can be used to capture uploads. + +

To fetch, given a request request, an +optional algorithm +processRequestBody, an optional +algorithm +processRequestEndOfBody, +an optional algorithm processResponse, an +optional algorithm +processResponseEndOfBody, +and an optional boolean useParallelQueue (default false), run +the steps below. + +

An ongoing fetch can be terminated with flag aborted, which is unset unless otherwise specified. @@ -3225,198 +3263,165 @@ the request. [[!HTTP-CACHING]]

    -
  1. -

    Run these steps, but abort when the ongoing fetch is terminated: +

  2. Let algorithmQueue be null. -

      -
    1. -

      If request's body is a byte sequence, then: +

    2. If useParallelQueue is true, then set algorithmQueue to the result of + starting a new parallel queue. -

        -
      1. Let body and ignoreType be the result of - safely extracting request's body. +

      2. Let global be null. -

      3. Set request's body to body. -

      +
    3. If request's client is non-null, then set global to + request's client's + global object. -

    4. If request's window is - "client", set request's - window to request's - client, if request's - client's - global object is a - {{Window}} object, and to "no-window" - otherwise. - -

    5. If request's origin is - "client", set request's - origin to request's - client's origin. +

    6. Let fetchParams be a new fetch params whose + request is request, + process request body is processRequestBody, + process request end-of-body is processRequestEndOfBody, + process response is processResponse, + process response end-of-body is processResponseEndOfBody, + global is global, and + algorithm queue is algorithmQueue. -

    7. -

      If request's header list - does not contain `Accept`, then: - -

        -
      1. Let value be `*/*`. +

      2. +

        If request's body is a byte sequence, then: -

      3. -

        A user agent should set value to the first matching statement, if any, switching - on request's destination: - +

          +
        1. Let body and ignoreType be the result of + safely extracting request's body. -

          -
          "document" -
          "frame" -
          "iframe" -
          `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` +
        2. Set request's body to body. +

        -
        "image" -
        `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5` +
      4. If request's window is "client", then set + request's window to request's client, + if request's client's + global object is a {{Window}} object; otherwise + "no-window". -

        "style" -
        `text/css,*/*;q=0.1` - +
      5. If request's origin is "client", then set + request's origin to request's client's + origin. -

      6. Append - `Accept`/value to request's - header list. -

      +
    8. +

      If request's header list + does not contain `Accept`, then: -

    9. If request's header list - does not contain `Accept-Language`, user agents should - append - `Accept-Language`/an appropriate value - to request's header list. +

        +
      1. Let value be `*/*`.

      2. -

        If request's priority is null, then use request's - initiator and destination appropriately in setting - request's priority to a user-agent-defined object. +

        A user agent should set value to the first matching statement, if any, switching + on request's destination: + -

        The user-agent-defined object could encompass stream weight and dependency - for HTTP/2, and equivalent information used to prioritize dispatch and processing of - HTTP/1 fetches. +

        +
        "document" +
        "frame" +
        "iframe" +
        `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` -
      3. -

        If request is a subresource request, then: +

        "image" +
        `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5` -
          -
        1. Let record be a new - fetch record consisting of - request and this instance of the - fetch algorithm. - -

        2. Append record to request's - client's - fetch group list of - fetch records. -

        +
        "style" +
        `text/css,*/*;q=0.1` +
      4. + +
      5. Append `Accept`/value to + request's header list.

      +
    10. If request's header list + does not contain `Accept-Language`, then user agents should + append `Accept-Language`/an appropriate + value to request's header list. +

    11. -

      If aborted, then: +

      If request's priority is null, then use request's + initiator and destination appropriately in setting + request's priority to a user-agent-defined object. -

        -
      1. Let aborted be the termination's aborted flag. +

        The user-agent-defined object could encompass stream weight and dependency for + HTTP/2, and equivalent information used to prioritize dispatch and processing of HTTP/1 fetches. -

      2. If aborted is set, then return an aborted network error. +

      3. +

        If request is a subresource request, then: -

      4. Return a network error. +

          +
        1. Let record be a new fetch record consisting of + request and this instance of the fetch algorithm. + +

        2. Append record to request's a for=request>client's + fetch group list of fetch records.

        -
      5. Return the result of performing a main fetch - using request. +

      6. Run main fetch given fetchParams.

      Main fetch

      -

      To perform a main fetch using request, -optionally with a recursive flag, run these steps: - -

      When main fetch is invoked recursively -recursive flag is set. +

      To main fetch, given a fetch params +fetchParams and an optional boolean recursive (default false), run these +steps:

        -
      1. Let response be null. - -

      2. -

        Run these steps, but abort when the ongoing fetch is terminated: +

      3. Let request be fetchParams's request. -

          -
        1. If request's local-URLs-only flag is set and request's - current URL is not local, then set response to - a network error. - -

        2. Run report Content Security Policy violations for request. - -

        3. Upgrade request to a potentially secure URL, if appropriate. - [[!UPGRADE]] - -

        4. If - should request be blocked due to a bad port, - should fetching request be blocked as mixed content, - or - should request be blocked by Content Security Policy - returns blocked, then set response to a network error. - [[!MIX]] +

        5. Let response be null. -

        6. If request's referrer policy is the empty string and - request's client is non-null, then set request's - referrer policy to request's client's - referrer policy. - [[!REFERRER]] +

        7. If request's local-URLs-only flag is set and request's + current URL is not local, then set response to a + network error. -

        8. -

          If request's referrer policy - is the empty string, then set request's - referrer policy to the default referrer policy. +

        9. Run report Content Security Policy violations for request. -

        10. -

          If request's referrer - is not "no-referrer", set request's - referrer to the result of invoking - determine request's referrer. - [[!REFERRER]] +

        11. Upgrade request to a potentially secure URL, if appropriate. + [[!UPGRADE]] -

          As stated in Referrer Policy, user agents can - provide the end user with options to override request's - referrer to "no-referrer" or - have it expose less sensitive information. +

        12. If should request be blocked due to a bad port, + should fetching request be blocked as mixed content, + or + should request be blocked by Content Security Policy + returns blocked, then set response to a network error. [[!MIX]] -

        13. -

          Set request's current URL's scheme to - "https" if all of the following conditions are true: +

        14. If request's referrer policy is the empty string and + request's client is non-null, then set request's + referrer policy to request's client's + referrer policy. [[!REFERRER]] -

          - -
        +
      4. If request's referrer policy is the empty string, then set + request's referrer policy to the + default referrer policy. -

      5. -

        If aborted, then: +

      6. +

        If request's referrer is not "no-referrer", then set + request's referrer to the result of invoking + determine request's referrer. [[!REFERRER]] -

          -
        1. Let aborted be the termination's aborted flag. +

          As stated in Referrer Policy, user agents can provide the end user with + options to override request's referrer to "no-referrer" + or have it expose less sensitive information. -

        2. If aborted is set, then return an aborted network error. +

        3. +

          Set request's current URL's scheme to + "https" if all of the following conditions are true: -

        4. Return a network error. -

        + + -
      7. If request's synchronous flag is unset and - recursive flag is unset, run the remaining steps - in parallel. +

      8. If recursive is false, then run the remaining steps in parallel.

      9. If response is null, then set response to the result of running the steps @@ -3436,8 +3441,7 @@ optionally with a recursive flag, run these steps:

      10. Set request's response tainting to "basic". -

      11. Return the result of performing a scheme fetch - using request. +

      12. Return the result of running scheme fetch given fetchParams.

      HTML assigns any documents and workers created from URLs @@ -3462,8 +3466,8 @@ optionally with a recursive flag, run these steps: response tainting to "opaque". -

    12. Let noCorsResponse be the result of performing a scheme fetch using - request. +

    13. Let noCorsResponse be the result of running scheme fetch given + fetchParams.

    14. If noCorsResponse is a filtered response or the CORB check with @@ -3495,8 +3499,8 @@ optionally with a recursive flag, run these steps: response tainting to "cors". -

    15. Let corsWithPreflightResponse be the result of performing an - HTTP fetch using request with the CORS-preflight flag set. +

    16. Let corsWithPreflightResponse be the result of running HTTP fetch + given fetchParams and true.

    17. If corsWithPreflightResponse is a network error, then clear cache entries using request. @@ -3511,11 +3515,11 @@ optionally with a recursive flag, run these steps: response tainting to "cors". -

    18. Return the result of performing an HTTP fetch using request. +

    19. Return the result of running HTTP fetch given fetchParams.

    -
  3. If the recursive flag is set, return response. +

  4. If recursive is true, then return response.

  5. If response is not a network error and response is not a @@ -3644,47 +3648,42 @@ optionally with a recursive flag, run these steps: internalResponse. That would allow an attacker to use hashes as an oracle.

  6. -

    If request's synchronous flag is set, - wait for internalResponse's - body, and then return response. - -

    This terminates fetch. - -

  7. -

    If request's current URL's scheme is an - HTTP(S) scheme, then: +

    If fetchParams's process response is non-null, then:

      -
    1. If request's body is - done, queue a fetch-request-done task for - request. +

    2. Let processResponse be this step: run fetchParams's + process response given response. -

    3. Otherwise, in parallel, - wait for request's - body, and then - queue a fetch-request-done task for request. +

    4. Queue a fetch task given processResponse, fetchParams's + global, and fetchParams's + algorithm queue.

    -
  8. Queue a fetch task on request to - process response for response. -

  9. Wait for internalResponse's body. -

  10. Queue a fetch task on request to - process response end-of-body for response. +

  11. +

    Let doneAlgorithm be these steps: + +

      +
    1. Set request's done flag. -

    2. Set request's done flag. +

    3. If fetchParams's process response end-of-body is + non-null, then run fetchParams's + process response end-of-body given response. +

    -
  12. Queue a fetch task on request to process response done - for response. +

  13. Queue a fetch task given doneAlgorithm, fetchParams's + global, and fetchParams's + algorithm queue.

Scheme fetch

-

To perform a scheme fetch using -request, switch on request's current URL's +

To scheme fetch, given a +fetch params fetchParams: let request be fetchParams's +request, switch on request's current URL's scheme, and run the associated steps:

@@ -3781,8 +3780,7 @@ optionally with a recursive flag, run these steps:
HTTP(S) scheme
-

Return the result of performing an HTTP fetch - using request. +

Return the result of running HTTP fetch given fetchParams.

Otherwise

Return a network error. @@ -3791,13 +3789,14 @@ optionally with a recursive flag, run these steps:

HTTP fetch

-

To perform an HTTP fetch using request with an -optional CORS-preflight flag, run these steps: - -

The CORS-preflight flag bookkeeping detail indicates a -CORS-preflight request is needed. +

To HTTP fetch, given a fetch params +fetchParams and an optional boolean makeCORSPreflight (default false), run +these steps: +

    +
  1. Let request be fetchParams's request. +

  2. Let response be null.

  3. Let actualResponse be null. @@ -3813,7 +3812,7 @@ optional CORS-preflight flag, run these steps:

    If response is not null, then:

      -
    1. Transmit body for request. +

    2. Transmit request body given fetchParams.

    3. Set actualResponse to response, if response is not a filtered response, and to response's @@ -3847,7 +3846,7 @@ optional CORS-preflight flag, run these steps:

      1. -

        If the CORS-preflight flag is set and one of these conditions is true: +

        If makeCORSPreflight is true and one of these conditions is true:

        • There is no method cache entry match for request's @@ -3863,8 +3862,8 @@ optional CORS-preflight flag, run these steps:

          Then:

            -
          1. Let preflightResponse be the result of performing a - CORS-preflight fetch using request. +

          2. Let preflightResponse be the result of running CORS-preflight fetch + given request.

          3. If preflightResponse is a network error, then return preflightResponse. @@ -3885,8 +3884,8 @@ optional CORS-preflight flag, run these steps:

            Redirects coming from the network (as opposed to from a service worker) are not to be exposed to a service worker. -

          4. Set response and actualResponse to the result of performing an - HTTP-network-or-cache fetch using request. +

          5. Set response and actualResponse to the result of running + HTTP-network-or-cache fetch given fetchParams.

          6. If request's response tainting is "cors" and a @@ -3938,8 +3937,8 @@ optional CORS-preflight flag, run these steps: internal response is actualResponse.

            "follow" -

            Set response to the result of performing HTTP-redirect fetch using - request and response. +

            Set response to the result of running HTTP-redirect fetch given + fetchParams and response.

@@ -3952,13 +3951,13 @@ optional CORS-preflight flag, run these steps:

HTTP-redirect fetch

-

This algorithm is used by HTML's navigate algorithm in addition to -HTTP fetch above. [[!HTML]] - -

To perform an HTTP-redirect fetch using -request and response, run these steps: +

To HTTP-redirect fetch, given a +fetch params fetchParams and a response response, +run these steps:

    +
  1. Let request be fetchParams's request. +

  2. Let actualResponse be response, if response is not a filtered response, and response's internal response otherwise. @@ -4035,30 +4034,58 @@ optional CORS-preflight flag, run these steps: actualResponse. [[!REFERRER]]

  3. -

    Return the result of performing a main fetch using request with - recursive flag set if request's redirect mode is not - "manual". +

    Let recursive be true if request's redirect mode is + not "manual"; otherwise false.

    It can only be "manual" here when this algorithm is invoked directly from HTML's navigate algorithm. -

    This has to invoke main fetch to - get response tainting correct. +

  4. +

    Return the result of running main fetch given fetchParams and + recursive. + +

    This has to invoke main fetch to get + response tainting correct.

-

HTTP-network-or-cache fetch

+ -

To perform an -HTTP-network-or-cache fetch using -request with an optional authentication-fetch flag, run these steps: +

This algorithm is used by HTML's navigate algorithm. [[!HTML]] -

The authentication-fetch flag is a bookkeeping detail. +

To navigate-redirect fetch, given a +request request, response response, and algorithm +processResponse, run these steps: + + +

    +
  1. Assert: request's redirect mode is "manual". + +

  2. Let fetchParams be a new fetch params whose + request is request and + process response is processResponse. + +

  3. Run HTTP-redirect fetch given fetchParams and response. + +

+ + +

HTTP-network-or-cache fetch

-

Some implementations might support caching of partial content, as per HTTP -Range Requests. [[HTTP-RANGE]] However, this is not widely supported by browser caches. +

To HTTP-network-or-cache fetch, given a +fetch params fetchParams and an optional boolean +isAuthenticationFetch (default false), run these steps: + +

Some implementations might support caching of partial content, as per +HTTP Range Requests. However, this is not widely supported by browser caches. +[[HTTP-RANGE]]

    +
  1. Let request be fetchParams's request. + +

  2. Let httpFetchParams be null. +

  3. Let httpRequest be null.

  4. Let response be null. @@ -4075,7 +4102,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    1. If request's window is "no-window" and request's redirect mode is "error", then set - httpRequest to request. + httpFetchParams to fetchParams and httpRequest to + request.

    2. Otherwise: @@ -4091,6 +4119,11 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    3. If body is non-null, then set request's body to a new body whose stream is null and whose source is body's source. + +

    4. Set httpFetchParams to a copy of fetchParams. + +

    5. Set httpFetchParams's request to + httpRequest.

    request is copied as httpRequest here as we @@ -4101,7 +4134,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b null, redirects and authentication will end up failing the fetch.

  5. -

    Let credentials flag be set if one of +

    Let includeCredentials be true if one of

    -

    is true, and unset otherwise. +

    is true; otherwise false.

  6. Let contentLengthValue be null. @@ -4251,7 +4284,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b HTTP header layer division for more details.

  7. -

    If credentials flag is set, then: +

    If includeCredentials is true, then:

    1. @@ -4284,7 +4317,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
    2. Otherwise, if httpRequest's current URL does - include credentials and authentication-fetch flag is set, set + include credentials and isAuthenticationFetch is true, set authorizationValue to httpRequest's current URL, converted to an `Authorization` value. @@ -4349,8 +4382,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b "none".

    3. -

      In parallel, perform main fetch using - revalidateRequest. +

      In parallel, run main fetch given a new fetch params whose + request is revalidateRequest.

      This fetch is only meant to update the state of httpCache and the response will be unused until another cache access. The stale response will be used @@ -4412,8 +4445,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    4. If httpRequest's cache mode is "only-if-cached", then return a network error. -

    5. Let forwardResponse be the result of making an HTTP-network fetch using - httpRequest with credentials flag if set. +

    6. Let forwardResponse be the result of running HTTP-network fetch given + httpFetchParams and includeCredentials.

    7. If httpRequest's method is unsafe and @@ -4463,8 +4496,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    8. If response's status is 401, httpRequest's - response tainting is not "cors", the credentials flag is - set, and request's window is an environment settings object, + response tainting is not "cors", includeCredentials is + true, and request's window is an environment settings object, then:

        @@ -4485,7 +4518,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
      1. If request's use-URL-credentials flag is unset or - authentication-fetch flag is set, then: + isAuthenticationFetch is true, then:

        1. @@ -4510,9 +4543,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b password.
        -
      2. Set response to the result of performing an - HTTP-network-or-cache fetch using - request with authentication-fetch flag set. +

      3. Set response to the result of running HTTP-network-or-cache fetch given + fetchParams and true.

    9. @@ -4543,12 +4575,12 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

      Remaining details surrounding proxy authentication are defined by HTTP. -

    10. Set response to the result of performing an HTTP-network-or-cache fetch - using request. +

    11. Set response to the result of running HTTP-network-or-cache fetch given + fetchParams.

    -
  8. If authentication-fetch flag is set, then create an authentication entry - for request and the given realm. +

  9. If isAuthenticationFetch is true, then create an authentication entry for + request and the given realm.

  10. Return response. Typically response's body's @@ -4558,11 +4590,12 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    HTTP-network fetch

    -

    To perform an HTTP-network fetch using -request with an optional credentials flag, run these steps: +

    To HTTP-network fetch, given a fetch params +fetchParams and an optional boolean includeCredentials (default false), run +these steps:

      -
    1. Let credentials be true if credentials flag is set, and false otherwise. +

    2. Let request be fetchParams's request.

    3. Let response be null. @@ -4588,7 +4621,7 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

      Let connection be the result of obtaining a connection, given networkPartitionKey, request's current URL's origin, and - credentials. + includeCredentials. @@ -4641,7 +4674,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

    4. Otherwise, return a network error.

    -

    Transmit body for request. +

    Transmit request body given fetchParams. +

  • @@ -4693,13 +4727,15 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b httpCache for request.
  • -

    If credentials flag is set and the user agent is not configured to block cookies for - request (see section 7 of - [[!COOKIES]]), then run the "set-cookie-string" parsing algorithm (see section 5.2 of [[!COOKIES]]) on the value of each header whose name is a - byte-case-insensitive match for `Set-Cookie` in response's header list, if any, and request's current URL. +

    If includeCredentials is true and the user agent is not configured to block + cookies for request (see + section 7 of [[!COOKIES]]), then run + the "set-cookie-string" parsing algorithm (see + section 5.2 of [[!COOKIES]]) on the + value of each header whose name is a + byte-case-insensitive match for `Set-Cookie` in response's + header list, if any, and request's + current URL.

    This is a fingerprinting vector. @@ -4756,9 +4792,8 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

  • If stream is errored, then terminate the ongoing fetch. -

  • If stream doesn't need more data and - request's synchronous flag is unset, ask the user agent to - suspend the ongoing fetch. +

  • If stream doesn't need more data ask the user + agent to suspend the ongoing fetch.

  • Otherwise, if the bytes transmission for response's message body is done @@ -4816,8 +4851,8 @@ the CORS protocol is understood. The so-called CORS-preflight request< successful it populates the CORS-preflight cache to minimize the number of these fetches. -

    To perform a CORS-preflight fetch using request, -run these steps: +

    To CORS-preflight fetch, given a request +request, run these steps:

    1. @@ -4863,8 +4898,8 @@ run these steps:

      This intentionally does not use combine, as 0x20 following 0x2C is not the way this was implemented, for better or worse. -

    2. Let response be the result of performing an HTTP-network-or-cache fetch - using preflight. +

    3. Let response be the result of running HTTP-network-or-cache fetch given + a new fetch params whose request is preflight.

    4. If a CORS check for request and response returns success and @@ -6690,9 +6725,8 @@ method steps are:

  • -

    Fetch request. - -

    To process response for response, run these substeps: +

    Fetch request with processResponse given + response being these substeps:

    1. If locallyAborted is true, terminate these substeps. @@ -6861,7 +6895,6 @@ therefore not shareable, a WebSocket connection is very close to identical to an client is client, service-workers mode is "none", referrer is "no-referrer", - synchronous flag is set, mode is "websocket", credentials mode is "include", @@ -6908,25 +6941,29 @@ therefore not shareable, a WebSocket connection is very close to identical to an `Sec-WebSocket-Extensions`/permessageDeflate to request's header list. -

    2. Let response be the result of fetching - request. - -

    3. If response is a network error or its status is not - 101, fail the WebSocket connection. -

    4. -

      If protocols is not the empty list and extracting header list values given - `Sec-WebSocket-Protocol` and response's header list - results in null, failure, or the empty byte sequence, then fail the WebSocket connection. +

      Fetch request with useParallelQueue + set to true, and processResponse given response being these + steps: -

      This is different from the check on this header defined by The WebSocket Protocol. - That only covers a subprotocol not requested by the client. This covers a subprotocol requested by - the client, but not acknowledged by the server. +

        +
      1. If response is a network error or its status is not + 101, fail the WebSocket connection. -

      2. Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in - section 4.1 of The WebSocket Protocol - to validate response. This either results in fail the WebSocket connection - or the WebSocket connection is established. +

      3. +

        If protocols is not the empty list and extracting header list values given + `Sec-WebSocket-Protocol` and response's header list + results in null, failure, or the empty byte sequence, then fail the WebSocket connection. + +

        This is different from the check on this header defined by The WebSocket Protocol. + That only covers a subprotocol not requested by the client. This covers a subprotocol requested + by the client, but not acknowledged by the server. + +

      4. Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in + section 4.1 of The WebSocket Protocol + to validate response. This either results in fail the WebSocket connection + or the WebSocket connection is established. +

    Fail the WebSocket connection and the WebSocket connection is established