- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 11 Feb 2022 05:59:53 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1388/review/880207733@github.com>
@annevk commented on this pull request. > <li><p>Let <var>values</var> be the result of <a for="header list">getting, decoding, and splitting</a> `<code>Timing-Allow-Origin</code>` from <var>response</var>'s <a for=response>header list</a>. <li><p>If <var>values</var> <a for=list>contains</a> "<code>*</code>", then return success. - <li><p>If <var>values</var> <a for=list>contains</a> the result of - <a>serializing a request origin</a> with <var>request</var>, then return success. + <li><p>If <var>values</var> <a for=list>contains</a> <var>origin</var>, then return success. If _origin_ is an origin this doesn't work, right? It seems elsewhere you are invoking this with a string, so maybe _origin_ is supposed to be an origin? > @@ -5968,14 +5988,25 @@ agent's <a>CORS-preflight cache</a> for which there is a <a>cache entry match</a <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>basic</code>", then return success. + <li><p>Let <var>origin</var> be the result of <a>serializing a request origin</a> with + <var>request</var>. + + <li><p>Return the result of calling <a>TAO origin check</a> with <var>origin</var> and + <var>response</var>. +</ol> + +<p>To perform a <dfn id=concept-tao-origin-check>TAO origin check</dfn> for an +<a for=/>origin</a> <var>origin</var> and a <a for=/>response</a> <var>response</var>, run these Nit: flip these arguments. > @@ -4289,6 +4289,26 @@ steps: <var>response</var>, a <a for=/>global object</a> <var>global</var>, and a <a for=/>string</a> <var>initiatorType</var> (default "<code>other</code>"), run these steps: +<ol> + <li><p>Let <var>taoPass</var> be true if <var>response</var>'s + <a for=response>timing allow passed flag</a> is set; otherwise false. + + <li>Set <var>response</var>'s <a for="response">timing info</a> to the + result of calling <a>report timing</a> given <var>response</var>, <var>global</var>, + <var>initiatorType</var>, and <var>taoPass</var>. +</ol> + +<p>To <dfn export>report timing with origin</dfn> given a <a for=/>response</a> with an origin*? > @@ -4289,6 +4289,26 @@ steps: <var>response</var>, a <a for=/>global object</a> <var>global</var>, and a <a for=/>string</a> <var>initiatorType</var> (default "<code>other</code>"), run these steps: +<ol> + <li><p>Let <var>taoPass</var> be true if <var>response</var>'s + <a for=response>timing allow passed flag</a> is set; otherwise false. + + <li>Set <var>response</var>'s <a for="response">timing info</a> to the + result of calling <a>report timing</a> given <var>response</var>, <var>global</var>, + <var>initiatorType</var>, and <var>taoPass</var>. +</ol> + +<p>To <dfn export>report timing with origin</dfn> given a <a for=/>response</a> This algorithm should also have a note that indicates it's called by HTML, ideally with a reference to the algorithm that does it. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1388#pullrequestreview-880207733 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1388/review/880207733@github.com>
Received on Friday, 11 February 2022 14:00:06 UTC