From 2cdb79de4c670672dc667b41e4446d53aae39f9d Mon Sep 17 00:00:00 2001
From: Jeffrey Yasskin <jyasskin@chromium.org>
Date: Mon, 6 Aug 2018 14:48:07 -0700
Subject: [PATCH] Block redirects and sxg's inside sxg's.

As previously agreed with Chrome's loading team.
---
 loading.bs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/loading.bs b/loading.bs
index c3171787a..4599d4863 100644
--- a/loading.bs
+++ b/loading.bs
@@ -412,6 +412,12 @@ following steps:
     either "`deprecated`" or "`modern`".
 
     Note: See <a spec="fetch">HTTP-network fetch</a> for details of this choice.
+1. If |parsedExchange|'s [=exchange/response=]'s [=response/status=] is a
+    [=redirect status=] or the [=signed exchange version=] of |parsedExchange|'s
+    [=exchange/response=] is not undefined, return a failure.
+
+    Note: This may simplify the UA's implementation, since it doesn't have to
+    handle nested signed exchanges.
 1. [=Read a body=] from |stream| into |parsedExchange|'s [=exchange/response=]
     using |parsedSignature| to check its integrity. If this is a failure, return
     the failure.