Re: [whatwg/fetch] Specify the behavior of `COEP: credentialless`, (#1229)

@ArthurSonzogni commented on this pull request.

Thanks! @domenic, I addressed your last comments.

> @@ -1892,6 +1892,27 @@ source of security bugs. Please seek security review for features that deal with
  <a for="URL serializer"><i>exclude fragment</i></a> set to true.
 </ol>
 
+<p>To check <dfn export>Cross-Origin-Embedder-Policy allows credentials</dfn>, given a
+<a for=/>request</a> <var>request</var>, run theses steps:
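
Review bot: typo in the second added line, "run theses steps:" should read "run these steps:". Since this line introduces an exported <dfn> that the later hunk calls from HTTP-network-or-cache fetch, it is worth getting the wording right before the algorithm is referenced elsewhere.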

Done

> @@ -3507,9 +3532,24 @@ Cross-Origin-Resource-Policy     = %s"same-origin" / %s"same-site" / %s"cross-or
  <li><p>If <var>policy</var> is neither `<code>same-origin</code>`, `<code>same-site</code>`, nor
  `<code>cross-origin</code>`, then set <var>policy</var> to null.
 
- <li><p>If <var>policy</var> is null and <var>embedderPolicyValue</var> is
- "<code><a for="embedder policy value">require-corp</a></code>", then set <var>policy</var> to
- `<code>same-origin</code>`.
+ <li>
+  <p>If <var>policy</var> is null, switch on <var>embedderPolicyValue</var>:</p>
+  <dl class=switch>
+   <dt>`<a for="embedder policy value">unsafe-none</a>`
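
Review bot: the new <dt> writes the embedder policy value in backticks (`<a for="embedder policy value">unsafe-none</a>`), while the line this hunk removes wrote the same kind of value as "<code><a for="embedder policy value">require-corp</a></code>", and backticks are what the context lines use for the header values (`<code>same-origin</code>`). Suggest keeping the quoted <code> form for the <dt> labels so the embedder policy value is not presented like a header value. The opening <p> of the switch step is also closed with </p>, unlike the <li><p> context line above it.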

Done.

> @@ -4668,6 +4708,9 @@ steps. They return a <a for=/>response</a>.
 
     <p>is true; otherwise false.
 
+   <li><p>If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var>request</var> returns
+   false, then set <var>includeCredentials</var> to false.</p>
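
Review bot: the added step ends with </p>, but the context line just above it (<p>is true; otherwise false.) leaves its <p> open; drop the closing tag to match the surrounding markup. The step itself only ever lowers <var>includeCredentials</var> to false, so its placement after the existing "is true; otherwise false" computation looks right.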

Done

> @@ -7843,6 +7889,7 @@ Arkadiusz Michalski,
 Arne Johannessen,
 Artem Skoretskiy,
 Arthur Barstow,
+Arthur Sonzogni, <!-- ArthurSonzogni; GitHub -->,
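
Review bot: the added acknowledgement line has a comma both before and after the comment ("Arthur Sonzogni, <!-- ArthurSonzogni; GitHub -->,"), which leaves a doubled comma once the comment is dropped from the output, whereas the neighbouring entries end in a single comma. Suggest "Arthur Sonzogni<!-- ArthurSonzogni; GitHub -->," so the list stays consistent.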

Done.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1229#pullrequestreview-794759023

Received on Monday, 1 November 2021 23:35:23 UTC