Re: [whatwg/fetch] Define Cross-Origin-Resource-Policy response header (#733)

annevk commented on this pull request.



> + `<a http-header><code>Cross-Origin-Resource-Policy</code></a>` and <var>response</var>'s
+ <a for=response>header list</a>.
+
+ <li><p>If <var>policy</var> is `<code>same</code>`, then return <b>blocked</b>.
+
+ <li>
+  <p>If <var>policy</var> is `<code>same-site</code>` and neither of the following is true
+
+  <ul class=brief>
+   <li><p><var>request</var>'s <a for=request>origin</a>'s <a for=origin>host</a>
+   <a>is a registrable domain suffix of or is equal to</a> <var>request</var>'s
+   <a for=request>current url</a>'s <a for=url>host</a>
+
+   <li><p><var>request</var>'s <a for=request>current url</a>'s <a for=url>host</a>
+   <a>is a registrable domain suffix of or is equal to</a> <var>request</var>'s
+   <a for=request>origin</a>'s <a for=origin>host</a>

Note: this is now tracked by https://github.com/whatwg/url/pull/391.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/733#discussion_r191150688

Received on Monday, 28 May 2018 08:57:30 UTC