hixie: Change crossorigin='' to act like No CORS mode for same-origin resources, at least until a cross-origin redirect comes along. (whatwg r6926) from poot on 2012-01-28 (public-html-diffs@w3.org from January 2012)

From: poot <cvsmail@w3.org>
Date: Fri, 27 Jan 2012 21:02:05 -0500
To: public-html-diffs@w3.org
Message-Id: <E1RqxcD-0001wV-Bg@jay.w3.org>
hixie: Change crossorigin='' to act like No CORS mode for same-origin
resources, at least until a cross-origin redirect comes along. (whatwg
r6926)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5523&r2=1.5524&f=h
http://html5.org/tools/web-apps-tracker?from=6925&to=6926

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5523
retrieving revision 1.5524
diff -u -d -r1.5523 -r1.5524
--- Overview.html 27 Jan 2012 18:55:57 -0000 1.5523
+++ Overview.html 28 Jan 2012 02:01:49 -0000 1.5524
@@ -320,7 +320,7 @@
 
    <h1>HTML5</h1>
    <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-   <h2 class="no-num no-toc" id="editor-s-draft-27-january-2012">Editor's Draft 27 January 2012</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-28-january-2012">Editor's Draft 28 January 2012</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -467,7 +467,7 @@
   Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation
   track.
-  This specification is the 27 January 2012 Editor's Draft.
+  This specification is the 28 January 2012 Editor's Draft.
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>Work on this specification is also done at the <a href="http://www.whatwg.org/">WHATWG</a>. The W3C HTML working group
   actively pursues convergence with the WHATWG, as required by the <a href="http://www.w3.org/2007/03/HTML-WG-charter">W3C HTML working
   group charter</a>.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
@@ -7221,7 +7221,9 @@
   resource as either <dfn id="cors-same-origin">CORS-same-origin</dfn> or
   <dfn id="cors-cross-origin">CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
 
-  <dl class="switch"><dt>If <var title="">mode</var> is "<a href="#attr-crossorigin-none" title="attr-crossorigin-none">No CORS</a>"</dt>
+  <dl class="switch"><dt>If the <var title="">URL</var> has the <a href="#same-origin">same origin</a> as <var title="">origin</var></dt>
+
+   <dt>If <var title="">mode</var> is "<a href="#attr-crossorigin-none" title="attr-crossorigin-none">No CORS</a>"</dt>
 
    <dd>
 
@@ -7238,18 +7240,28 @@
      <li>
 
       <p>If the result of the <a href="#fetch">fetch</a> is a redirect, and
-      <var title="">result</var> still has no value, then apply the
-      CORS <a href="#redirect-steps">redirect steps</a>, with the CORS
+      the <var title="">mode</var> is not "<a href="#attr-crossorigin-none" title="attr-crossorigin-none">No CORS</a>", and the
+      <a href="#origin">origin</a> of the target URL of the redirect is not the
+      <a href="#same-origin">same origin</a> as <var title="">origin</var>, then set
+      <var title="">URL</var> to the the target URL of the redirect
+      and return to the top of the <a href="#potentially-cors-enabled-fetch">potentially CORS-enabled
+      fetch</a> algorithm (this time, the branch below will be
+      taken, resulting in the fetch being done in a CORS-aware
+      fashion).</p>
+
+      <p>Otherwise, if the result of the <a href="#fetch">fetch</a> is a
+      redirect, and <var title="">result</var> still has no value,
+      then apply the CORS <a href="#redirect-steps">redirect steps</a>, with the CORS
       <a href="#credential-flag">credential flag</a> set to true and the <i>request
       rules</i> being that the user agent continue to follow these
       steps. If this resumes the <a href="#fetch">fetch</a> algorithm, then
-      return to the <i>loop</i> step. If it failed due to a failure
-      of the CORS <a href="#resource-sharing-check">resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
+      return to the <i>loop</i> step. If it failed due to a failure of
+      the CORS <a href="#resource-sharing-check">resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
       labeled <i>end</i>; if <var title="">default</var> is
       <i>taint</i>, then set <var title="">result</var> to
-      <i>taint</i>, <a href="#transparently-follow-the-redirect">transparently follow the redirect</a>
-      but with the <i>manual redirect flag</i> no longer set, and
-      jump to the step labeled <i>end</i> below.</p>
+      <i>taint</i>, <a href="#transparently-follow-the-redirect">transparently follow the redirect</a> but
+      with the <i>manual redirect flag</i> no longer set, and jump to
+      the step labeled <i>end</i> below.</p>
 
       <p>Otherwise, if the resource is not available (e.g. there is
       a network error) then set <var title="">result</var> to the
Received on Saturday, 28 January 2012 02:02:12 UTC