Re: [whatwg/fetch] Integrate CORP and COEP (#1030)

@annevk commented on this pull request.



>  </ol>
 
 
+<p>To perform a <dfn export>cross-origin resource policy check</dfn>, given an <a for=url>origin</a>
+origin, an <a for=/>environment settings object</a> <var>settingsObject</var>, a
+<a for=/>response</a> <var>response</var>, and an optional <i>navigation flag</i>, run these steps:
+
+<p class="note no-backref">Only HTML's navigate algorithm uses this check with the
+<i>navigation flag</i> set, and it's always for nested navigations. Otherwise, <var>response</var>
+is either the <a for=internal>internal response</a> of an <a>opaque filtered response</a> or
+a <a for=/>response</a> which will be the <a for=internal>internal response</a> of an
+<a>opaque filtered response</a>. [[HTML]]

If we make HTML not invoke this when the embedder policy is "unsafe-none", wouldn't that be easier?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1030#pullrequestreview-425192229

Received on Friday, 5 June 2020 10:46:06 UTC