Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Commits on Jan 26, 2023

Commits on Jan 25, 2023

  1. Editorial: remove prefetch-src

    It was removed by CSP: w3c/webappsec-csp#582.
    noamr committed Jan 25, 2023
  2. Body sizes should be CORS rather than TAO protected

    The encoded/decoded body size relate to the resource, not to the timing.
    Tests: web-platform-tests/wpt#37884 & web-platform-tests/wpt#37257.
    This is part of w3c/resource-timing#220 (comment).
    Co-authored-by: Anne van Kesteren <>
    noamr and annevk committed Jan 25, 2023

Commits on Jan 17, 2023

  1. Accept header for prefetch

    Complements whatwg/html#8111.
    Co-authored-by: Anne van Kesteren <>
    noamr and annevk committed Jan 17, 2023
  2. Define Sec-Purpose: prefetch header

    This replaces the existing `Purpose: prefetch` and `x-moz: prefetch` headers.
    Tests: web-platform-tests/wpt#35707.
    Part of whatwg/html#8111.
    Closes w3c/webappsec-fetch-metadata#84 and w3c/resource-hints#74.
    Co-authored-by: Anne van Kesteren <>
    noamr and annevk committed Jan 17, 2023

Commits on Jan 13, 2023

  1. Editorial: add <div algorithm> wrappers to Fetching

    Related to: #1526.
    Co-authored-by: Anne van Kesteren <>
    dlrobertson and annevk committed Jan 13, 2023

Commits on Jan 10, 2023

  1. Editorial: account for HTTP updates

    Fixes #1558.
    annevk committed Jan 10, 2023

Commits on Jan 3, 2023

  1. Editorial: correct keepalive note

    Also remove the no-backref class throughout as it's meaningless.
    annevk committed Jan 3, 2023
  2. Use internal response for Server-Timing processing

    The Server-Timing header data is protected by the Timing-Allow-Origin header, so there's no need to safelist it through CORS, unless you wanted direct access to the raw header.
    Tests: web-platform-tests/wpt#37714.
    Closes #1511.
    Co-authored-by: Anne van Kesteren <>
    noamr and annevk committed Jan 3, 2023

Commits on Dec 22, 2022

  1. Editorial: stop using promises in internal algorithms

    They are not designed for that and don't work well (e.g., resolve expects a JS value).
    Follows whatwg/streams#1250 and addresses the Fetch part of whatwg/streams#1178.
    Closes #1568.
    Co-authored-by: Domenic Denicola <>
    Co-authored-by: Anne van Kesteren <>
    3 people committed Dec 22, 2022

Commits on Dec 21, 2022

Commits on Dec 15, 2022

  1. Integrate Priority Hints

    - Renames the request priority concept to internal priority and "adds" priority for usage by APIs.
    - Adds a new priority member to RequestInit for specifying a priority hint.
    These changes combined with whatwg/html#8470 obsolete the Priority Hints specification:
    Fixes #1319.
    Co-authored-by: Anne van Kesteren <>
    pmeenan and annevk committed Dec 15, 2022

Commits on Dec 14, 2022

Commits on Dec 12, 2022

  1. Editorial: various nits and more <div algorithm> wrappers

    - Fix unused variables in report timing and extract full timing info.
    - Fix an unclosed tag in extract full timing info.
    - Use non-null more consistently.
    Related to #1526.
    Fixes #1566.
    Co-authored-by: Anne van Kesteren <>
    dlrobertson and annevk committed Dec 12, 2022

Commits on Dec 1, 2022

Commits on Nov 28, 2022

Commits on Nov 23, 2022

  1. Refactor forbidden request-headers

    This change makes several changes:
    * Makes "get, decode, and split" callable with a value. This is generally not advisable so this is not exported.
    * Generalizes forbidden header name to forbidden request-headers so it can target values for specific headers.
    * Takes advantage of that for X-HTTP-Method, X-HTTP-Method-Override, and X-Method-Override.
    Tests: WPT fetch/api/basic/request-forbidden-headers.any.js.
    XHR PR: whatwg/xhr#362.
    annevk committed Nov 23, 2022

Commits on Nov 22, 2022

  1. Editorial: use tuple syntax

    And consistify callsite of no-CORS-safelisted request-header.
    annevk committed Nov 22, 2022

Commits on Nov 8, 2022

Commits on Nov 2, 2022

  1. Update to use navigables instead of browsing contexts

    Follows whatwg/html#6315. One reference remains to "target browsing context" which probably requires HTML-side updates first.
    domenic committed Nov 2, 2022

Commits on Oct 31, 2022

Commits on Oct 26, 2022

  1. Meta: my employer changed

    annevk committed Oct 26, 2022