Re: [whatwg/fetch] Send "null" Origin header on cross-origin .onion requests (PR #1351)

@annevk approved this pull request.

This looks good editorially. I guess there's still the question of whether we want to abstract "is an origin URL", but that could happen later as well.

So this mainly hinges on implementer interest and resolving the question as to whether we should expose more information when CORS is used.

> @@ -2820,6 +2823,11 @@ given a <a for=/>request</a> <var>request</var>, run these steps:
  <li><p>Let <var>serializedOrigin</var> be the result of <a>byte-serializing a request origin</a>
  with <var>request</var>.
 
+ <li><p>If <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>'s
+ <a for=origin>host</a> ends with "<code>.onion</code>" or "<code>.onion.</code>", and
+ is not <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, then set
+ <var>serializedOrigin</var> to `<code>null</code>`. [[ONION]]
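
Review bot: In the added step, the second clause "and is not same origin with request's origin" has no explicit subject, so it reads as applying to the host, while same origin is a comparison between two origins. Naming the origin once would remove the ambiguity, for example: let currentOrigin be request's current URL's origin, then "If currentOrigin's host ends with ".onion" or ".onion.", and currentOrigin is not same origin with request's origin, then set serializedOrigin to null". A short note would also help to say that the suffix test applies to the destination (current URL) host, since the step as written never inspects the host of request's origin.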

Due to "byte-serializing a request origin" we'll also end up with null if they are same origin but there's a cross-origin redirect in between. Ideally we'd test that, but I guess `.onion` will be hard to test.

-- 
https://github.com/whatwg/fetch/pull/1351#pullrequestreview-809792981

Received on Thursday, 18 November 2021 11:25:12 UTC