From dca22952c1c7ef7619a5c74ae421f9177b973628 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 16 Nov 2018 14:48:18 +0100
Subject: [PATCH] Take tainted origin flag into account for the same origin
 check

This also addresses #737 in that now A -> B -> A would be considered cross-origin even for "no-cors", but leaving that open for further plumbing in HTML et al to override that in select cases (e.g., <img>).

Fixes #756.
---
 fetch.bs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fetch.bs b/fetch.bs
index eabf99559..889940c7c 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -2997,8 +2997,8 @@ with a <i>CORS flag</i> and <i>recursive flag</i>, run these steps:
 
   <dl class=switch>
    <dt><var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a> is
-   <a>same origin</a> with <var>request</var>'s <a for=request>origin</a> and <i>CORS flag</i> is
-   unset
+   <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, <var>request</var>'s
+   <a for=request>tainted origin flag</a> is unset, and the <i>CORS flag</i> is unset
    <dt><var>request</var>'s <a for=request>current URL</a>'s <a for=url>scheme</a> is
    "<code>data</code>"
    <dt><var>request</var>'s <a for=request>mode</a> is