[css-masking-1] Fetch doesn't define "potentially CORS-enabled fetch"

[foolip]

https://drafts.fxtf.org/css-masking/#priv-sec says:

User agents must use the potentially CORS-enabled fetch method defined by the [FETCH] specification for all <mask-source>, <clip-source> and <image> values on the mask-image, mask-border-source and clip-path properties. When fetching, user agents must use “Anonymous” mode, set the referrer source to the stylesheet’s URL and set the origin to the URL of the containing document. If this results in network errors, the effect is as if the value none had been specified.

However, Fetch doesn't define "potentially CORS-enabled fetch" and mentions it only in https://fetch.spec.whatwg.org/#goals as having once been in HTML.

Perhaps @annevk can suggest what to say instead.

[foolip]

The original definition can be found in whatwg/html#144, or at https://web.archive.org/web/20150906031258/https://html.spec.whatwg.org/#potentially-cors-enabled-fetch

[svgeesus]

This affects several other CSS specs as well. @annevk What term should be linked to, nowadays, to express this concept?

[annevk]

You probably want to do something similar to https://html.spec.whatwg.org/#create-a-potential-cors-request. In particular, you want to invoke https://fetch.spec.whatwg.org/#concept-fetch with a https://fetch.spec.whatwg.org/#concept-request with the appropriate bits set.

[svgeesus]

Thanks, @annevk !

[svgeesus]

Related issue w3c/csswg-drafts#6076 (on Fonts, but the same issue)

[noamr]

See w3c/csswg-drafts#6715

The "Potentially CORS request" algorithm is specifically to deal with crossorigin attributes etc. In this PR I do something similar for CSS resources (which don't have those HTML attributes).

It's not yet integrated with masking.