- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 15 Apr 2025 05:10:22 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 15 April 2025 12:10:25 UTC
@annevk commented on this pull request.
>
<li>Set <var>lastURL</var> to <var>url</var>.
</ol>
- <li>Return false.
+ <li>Return <var>computedTaint</var>.
```suggestion
<li><p>Return <var>computedTaint</var>.
```
> @@ -2372,8 +2403,8 @@ source of security bugs. Please seek security review for features that deal with
"<a for="embedder policy value"><code>credentialless</code></a>", then return true.</p>
<li><p>If <var>request</var>'s <a for=request>origin</a> is <a>same origin</a> with
- <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a> and <var>request</var>
- does not have a <a for=request>redirect-tainted origin</a>, then return true.</p>
+ <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a> and <var>request</var>'s
+ <a for=request>redirect-taint</a> is not "<code>same-origin</code>", then return true.</p>
```suggestion
<a for=request>redirect-taint</a> is not "<code>same-origin</code>", then return true.
```
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1807#pullrequestreview-2767999955
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/fetch/pull/1807/review/2767999955@github.com>
Received on Tuesday, 15 April 2025 12:10:25 UTC