Re: [w3c/ServiceWorker] Introduce Cross-Origin Embedder Policy (#1516)

@annevk commented on this pull request.

> +  <section algorithm>
+    <h3 id="cross-origin-resource-policy-check-for-cached-resource-algorithm"><dfn>Cross-Origin Resource Policy Check for Cached Resource</dfn></h3>
+      : Input
+      :: |passed request|, a [=/request=]
+      :: |response|, a [=/response=]
+      :: |settings object|, an [=/environment settings object=]
+      : Output
+      :: a boolean
+      1. If |response|'s [=response/type=] is not "<code>opaque</code>", then return true.
+      1. Let |request| be a copy of |passed request|.
+      1. Set |request|'s [=request/mode=] to "<code>no-cors</code>".
+      1. Set |request|'s [=request/origin=] to |settings object|'s [=environment settings object/origin=].
+      1. Set |request|'s [=request/client=] to |settings object|.
+      1. Return true if [=cross-origin resource policy check=] with |request| and |response| returns <b>allowed</b>, and false otherwise.
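
Review bot: Steps 3 to 5 overwrite the copied |request|'s mode, origin and client, but nothing in the algorithm says why the check has to run against |settings object|'s origin with mode "no-cors" rather than against the values |passed request| already carries. Add a short note after step 5 giving the reason for each of the three overrides, so readers can tell which ones the [=cross-origin resource policy check=] depends on. Since step 1 returns true for every non-opaque response, the note could also state that only opaque cached responses reach the check.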

As far as I can tell you moved this algorithm, but didn't change it. Why do we need to change request's origin and such? Why does request's mode need to be overridden?

Received on Wednesday, 3 June 2020 09:09:25 UTC