- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 28 Jun 2016 02:31:40 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc:
- Message-ID: <whatwg/fetch/pull/325/r68725638@github.com>
> @@ -3049,6 +3067,32 @@ <h4 id="should-response-to-request-be-blocked-due-to-nosniff?"><dfn title="shoul > to `<code title>GET</code>` and <var>request</var>'s <span title=concept-request-body>body</span> > to null. > > + <li><p>Let <var>useReferredTokenBinding</var> be the result of > + <span title=concept-header-parse>parsing</span> > + `<code title>Include-Referer-Token-Binding-ID</code>` in <var>actualResponse</var>'s > + <span title=concept-response-header-list>header list</span>. > + The value of this header is specified in > + <a href="https://tools.ietf.org/id/draft-ietf-tokbind-https-03.xml#rfc.section.3.3">section 3.3</a> > + of the Token Binding over HTTP spec. > + <p class="note no-backref">By setting the <code title>Include-Referer-Token-Binding-ID</code> > + header to <var>true</var>, the origin that sends a redirect response tells the User Agent to > + disclose the Token Binding Id used by the User Agent with that origin to the target origin. > + > + <li><p>Clear the request's <var>use-referred-token-binding</var> flag. It should be unset. Also, this should not use `<var>` but it needs to use `<span title=name-of-the-thing>`. "request" should probably be wrapped in `<var>` as it is elsewhere. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325/files/3c6e385c02263aa186eef6eb4243f51ea5c706cc#r68725638
Received on Tuesday, 28 June 2016 09:32:21 UTC