Skip to content

Commit

Permalink
add tainted origin flag concept
Browse files Browse the repository at this point in the history
  • Loading branch information
@annevk
annevk committed May 24, 2018
1 parent 9ffa224 commit 49420f8
Showing 1 changed file with 42 additions and 33 deletions.
75 changes: 42 additions & 33 deletions fetch.bs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -950,12 +950,9 @@ user-agent-defined object). Unless otherwise stated it is null.
"<code>client</code>" or an <a for=/>origin</a>. Unless stated otherwise it is
"<code>client</code>".

<p class="note no-backref">"<code>client</code>" is changed to an
<a for=/>origin</a> during <a lt=fetch for=/>fetching</a>. It
provides a convenient way for standards to not have to set
<p class="note no-backref">"<code>client</code>" is changed to an <a for=/>origin</a> during
<a lt=fetch for=/>fetching</a>. It provides a convenient way for standards to not have to set
<a for=/>request</a>'s <a for=request>origin</a>.
<a for=/>Request</a>'s <a for=request>origin</a> can be
changed during redirects too.

<p>A <a for=/>request</a> has an associated
<dfn export for=request id=concept-request-referrer>referrer</dfn>, which is
Expand Down Expand Up @@ -1149,6 +1146,10 @@ determine whether requests or responses are to be blocked in a given context. [[

<hr>

<p>A <a for=/>request</a> has an associated
<dfn for=request id=concept-request-tainted-origin>tainted origin flag</dfn>. Unless stated
otherwise, it is unset.

<p>A <a for=/>request</a> has an associated
<dfn export for=request id=concept-request-url-list>url list</dfn> (a list of one or more
<a for=/>URLs</a>). Unless stated otherwise, it is a list containing a copy of
Expand Down Expand Up @@ -1176,13 +1177,10 @@ Unless stated otherwise, it is unset.

<p class="note no-backref">This flag is for exclusive use by HTML's navigate algorithm. [[!HTML]]

<p class="note no-backref">A <a for=/>request</a>'s
<a for=request>url list</a>,
<a for=request>current url</a>,
<a for=request>redirect count</a>,
<a for=request>response tainting</a>, and
<a>done flag</a> are used as bookkeeping details by the
<a for=/>fetch</a> algorithm.
<p class="note no-backref">A <a for=/>request</a>'s <a for=request>tainted origin flag</a>,
<a for=request>url list</a>, <a for=request>current url</a>, <a for=request>redirect count</a>,
<a for=request>response tainting</a>, and <a for=request>done flag</a> are used as bookkeeping
details by the <a for=/>fetch</a> algorithm.

<hr>

Expand Down Expand Up @@ -3316,13 +3314,11 @@ optional <i>CORS flag</i> and <i>CORS-preflight flag</i>, run these steps:
<a for=request>redirect count</a> by one.

<li><p>If <var>request</var>'s <a for=request>mode</a> is "<code>cors</code>",
<var>request</var>'s <a for=request>origin</a> is <em>not</em>
<a>same origin</a> with <var>actualResponse</var>'s
<a for=response>location URL</a>'s
<a for=url>origin</a>, and <var>actualResponse</var>'s
<a for=response>location URL</a>
<a lt="include credential">includes credentials</a>, then return a
<a>network error</a>.
<var>actualResponse</var>'s <a for=response>location URL</a>
<a lt="include credential">includes credentials</a>, and either <var>request</var>'s
<a for=request>tainted origin flag</a> is set or <var>request</var>'s <a for=request>origin</a> is
not <a>same origin</a> with <var>actualResponse</var>'s <a for=response>location URL</a>'s
<a for=url>origin</a>, then return a <a>network error</a>.

<li>
<p>If <i>CORS flag</i> is set and <var>actualResponse</var>'s
Expand All @@ -3340,7 +3336,7 @@ optional <i>CORS flag</i> and <i>CORS-preflight flag</i>, run these steps:
not <a>same origin</a> with <var>request</var>'s <a for=request>current url</a>'s
<a for=url>origin</a> and <var>request</var>'s <a for=request>origin</a> is not <a>same origin</a>
with <var>request</var>'s <a for=request>current url</a>'s <a for=url>origin</a>, then set
<var>request</var>'s <a for=request>origin</a> to a unique <a>opaque origin</a>.
<var>request</var>'s <a for=request>tainted origin flag</a>.

<li><p>If either <var>actualResponse</var>'s <a for=response>status</a> is
<code>301</code> or <code>302</code> and <var>request</var>'s
Expand Down Expand Up @@ -3502,13 +3498,21 @@ Range Requests</cite>. [[HTTP-RANGE]] However, this is not widely supported by b
<!-- XXX ideally we have an easier way to convert something ASCII-safe into bytes
concept-as-bytes -->

<li><p>If the <i>CORS flag</i> is set, <var>httpRequest</var>'s <a for=request>method</a> is
neither `<code>GET</code>` nor `<code>HEAD</code>`, or <var>httpRequest</var>'s
<a for=request>mode</a> is "<code>websocket</code>", then <a for="header list">append</a>
`<code>Origin</code>`/<var>httpRequest</var>'s <a for=request>origin</a>,
<a lt="ASCII serialization of an origin">serialized</a> and <a>UTF-8 encoded</a>, to
<var>httpRequest</var>'s <a for=request>header list</a>.
<!-- XXX concept-as-bytes -->
<li>
<p>If the <i>CORS flag</i> is set, <var>httpRequest</var>'s <a for=request>method</a> is neither
`<code>GET</code>` nor `<code>HEAD</code>`, or <var>httpRequest</var>'s <a for=request>mode</a>
is "<code>websocket</code>", then:</p>

<ol>
<li><p>Let <var>originHeaderValue</var> be <var>httpRequest</var>'s <a for=request>origin</a>,
<a lt="ASCII serialization of an origin">serialized</a> and <a>UTF-8 encoded</a>.

<li><p>If <var>httpRequest</var>'s <a for=request>tainted origin flag</a> is set, then set
<var>originHeaderValue</var> to `<code>null</code>`.

<li><p><a for="header list">Append</a> `<code>Origin</code>`/<var>originHeaderValue</var>, to
<var>httpRequest</var>'s <a for=request>header list</a>.
</ol>

<li><p>If <var>httpRequest</var>'s <a for=request>header list</a>
<a for="header list">does not contain</a> `<code>User-Agent</code>`, then user agents should
Expand Down Expand Up @@ -4141,8 +4145,10 @@ steps:
<a for=request>initiator</a> is <var>request</var>'s <a for=request>initiator</a>,
<a for=request>destination</a> is <var>request</var>'s <a for=request>destination</a>,
<a for=request>origin</a> is <var>request</var>'s <a for=request>origin</a>,
<a for=request>referrer</a> is <var>request</var>'s <a for=request>referrer</a>, and
<a for=request>referrer policy</a> is <var>request</var>'s <a for=request>referrer policy</a>.
<a for=request>referrer</a> is <var>request</var>'s <a for=request>referrer</a>,
<a for=request>referrer policy</a> is <var>request</var>'s <a for=request>referrer policy</a>, and
<a for=request>tainted origin flag</a> is <var>request</var>'s
<a for=request>tainted origin flag</a>.

<p class="note no-backref">The <a for=request>service-workers mode</a> of <var>preflight</var>
does not matter as this algorithm uses <a>HTTP-network-or-cache fetch</a> rather than
Expand Down Expand Up @@ -4375,10 +4381,13 @@ Entries may be removed before that moment arrives.
<a for=request>credentials mode</a> is not
"<code>include</code>" and <var>origin</var> is `<code>*</code>`, return success.

<li><p>If <var>request</var>'s <a for=request>origin</a>,
<a lt="ASCII serialization of an origin">serialized</a> and <a>UTF-8 encoded</a>, is not
<var>origin</var>, return failure.
<!-- XXX concept-as-bytes -->
<li><p>Let <var>requestOriginValue</var> be <var>request</var>'s <a for=request>origin</a>,
<a lt="ASCII serialization of an origin">serialized</a> and <a>UTF-8 encoded</a>.

<li><p>If <var>request</var>'s <a for=request>tainted origin flag</a> is set, then set
<var>requestOriginValue</var> to `<code>null</code>`.

<li><p>If <var>requestOriginValue</var> is not <var>origin</var>, then return failure.

<li><p>If <var>request</var>'s
<a for=request>credentials mode</a> is not
Expand Down

0 comments on commit 49420f8

Please sign in to comment.