Re: [fetch] Integrating support for PasswordCredential objects. (#237)

> @@ -4108,9 +4136,18 @@ <h3 id="request-class"><span class="secno">6.3 </span>Request class</h3>
>   <code title="">credentials</code> member if it is present, and
>   <var>fallbackCredentials</var> otherwise.
>  
> - <li><p>If <var>credentials</var> is non-null, set <var>request</var>'s
> - <a href="#concept-request-credentials-mode" title="concept-request-credentials-mode">credentials mode</a> to
> - <var>credentials</var>.
> + <li><p>If <var>credentials</var> is non-null:
> +   
> +   <ol>
> +     <li>If <var>credentials</var> is a
> +     <a href="https://w3c.github.io/webappsec-credential-management/#interfaces-credential-types-passwordcredential">PasswordCredential</a>,
> +     set <var>request</var>'s <a href="#concept-request-credentials-mode" title="concept-request-credentials-mode">credentials mode</a> to
> +     "<code title="">attached-credential</code>", and <var>request</var>'s
> +     <a href="#concept-request-attached-credential" title="concept-request-attached-credential">attached credential</a> to

We have generally deferred same-origin checks to the network layer. I don't think there's a strong reason to not do that here.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/237/files#r55527289

Received on Wednesday, 9 March 2016 14:43:14 UTC