- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 05 Apr 2022 04:59:07 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1422/review/931735081@github.com>
@annevk commented on this pull request. I left a comment in #1421 as well. Not entirely sure about this. > @@ -6030,14 +6033,31 @@ agent's <a>CORS-preflight cache</a> for which there is a <a>cache entry match</a <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>basic</code>", then return success. + <li><p>Let <var>origin</var> be null if <var>request</var> has a You cannot initialize a variable twice. You want to use "Set ... to". > @@ -6030,14 +6033,31 @@ agent's <a>CORS-preflight cache</a> for which there is a <a>cache entry match</a <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>basic</code>", then return success. + <li><p>Let <var>origin</var> be null if <var>request</var> has a + <a for=request>redirect-tainted origin</a>, <var>request</var>'s <a for=request>origin</a> + otherwise. + + <li><p>Return the result of performing a <a>TAO origin check</a> given <var>origin</var> and + <var>response</var>. +</ol> + +<p>To perform a <dfn>TAO origin check</dfn> for a null or <span>origin</span> You want to use `<a for=/>` here and below, not `span`. 
> @@ -6030,14 +6033,31 @@ agent's <a>CORS-preflight cache</a> for which there is a <a>cache entry match</a <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>basic</code>", then return success. + <li><p>Let <var>origin</var> be null if <var>request</var> has a + <a for=request>redirect-tainted origin</a>, <var>request</var>'s <a for=request>origin</a> + otherwise. + + <li><p>Return the result of performing a <a>TAO origin check</a> given <var>origin</var> and + <var>response</var>. +</ol> + +<p>To perform a <dfn>TAO origin check</dfn> for a null or <span>origin</span> +<var>origin</var> and a <span>response</span> <var>response</var>, run these steps: + +<ol> + <li><p>If <var>origin</var> is <a>same origin</a> with <var>response</var>'s + <a for=response>URL</a>'s <a for=url>origin</a>, then return success. Doesn't this do the wrong thing for A1 -> B -> A2 redirects?
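Review bot: In the first step of the new TAO origin check, "same origin" is applied to origin even though the caller sets origin to null when request has a redirect-tainted origin, and the algorithm is declared to take "a null or origin"; "same origin" is defined on two origins, so the null case is left to interpretation in the lines shown. Suggest adding an explicit step for null ahead of the same-origin comparison that states the intended outcome, so the redirect-tainted path does not hinge on how null compares with response's URL's origin.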
Received on Tuesday, 5 April 2022 11:59:19 UTC