- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 05 Jun 2020 03:45:53 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 5 June 2020 10:46:06 UTC
@annevk commented on this pull request. > </ol> +<p>To perform a <dfn export>cross-origin resource policy check</dfn>, given an <a for=url>origin</a> +origin, an <a for=/>environment settings object</a> <var>settingsObject</var>, a +<a for=/>response</a> <var>response</var>, and an optional <i>navigation flag</i>, run these steps: + +<p class="note no-backref">Only HTML's navigate algorithm uses this check with the +<i>navigation flag</i> set, and it's always for nested navigations. Otherwise, <var>response</var> +is either the <a for=internal>internal response</a> of an <a>opaque filtered response</a> or +a <a for=/>response</a> which will be the <a for=internal>internal response</a> of an +<a>opaque filtered response</a>. [[HTML]] If we make HTML not invoke this when the embedder policy is "unsafe-none", wouldn't that be easier? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1030#pullrequestreview-425192229
Received on Friday, 5 June 2020 10:46:06 UTC