diff --git a/Overview.html b/Overview.html index e040ffccc..0ed09e0fa 100644 --- a/Overview.html +++ b/Overview.html @@ -7,7 +7,7 @@
A CORS-safelisted response-header name, given a -header list list, is a +CORS-exposed header-name list list, is a header name that is one of:
Expires
`
Last-Modified
`
Pragma
`.
- Access-Control-Expose-Headers
` in
+ A response has an associated +CORS-exposed header-name list +(a list of zero or more +header names). +The list is empty unless otherwise specified. + +
A response will typically get its
+CORS-exposed header-name list
+set by parsing the
+`Access-Control-Expose-Headers
` header. This
+list is used by a CORS filtered response to
+determine which headers to expose.
+
A response whose @@ -1162,7 +1173,7 @@
An opaque filtered response is a filtered response whose @@ -2104,22 +2115,37 @@
If response is not a network error and response is not a - filtered response, set - response to the following - filtered response with - response as its - internal response, depending on - request's - response tainting: - -
basic
"
- cors
"
- opaque
"
- If request's
+ response tainting is
+ "cors
", set
+ response's
+ CORS-exposed header-name list
+ to the result of parsing
+ `Access-Control-Expose-Headers
` in
+ response's
+ header list.
+
+
Set response to the following + filtered response with + response as its + internal response, depending on + request's + response tainting: + +
basic
"
+ cors
"
+ opaque
"
+ Let internalResponse be response, if response is a network error, and response's @@ -5205,6 +5231,7 @@
A CORS-safelisted response-header name, given a -header list list, is a +CORS-exposed header-name list list, is a header name that is one of:
Expires
`
Last-Modified
`
Pragma
`.
- Access-Control-Expose-Headers
` in
+ A response has an associated +CORS-exposed header-name list +(a list of zero or more +header names). +The list is empty unless otherwise specified. + +
A response will typically get its
+CORS-exposed header-name list
+set by parsing the
+`Access-Control-Expose-Headers
` header. This
+list is used by a CORS filtered response to
+determine which headers to expose.
+
A response whose @@ -1093,7 +1104,7 @@
An opaque filtered response is a filtered response whose @@ -2035,22 +2046,37 @@
If response is not a network error and response is not a - filtered response, set - response to the following - filtered response with - response as its - internal response, depending on - request's - response tainting: - -
basic
"
- cors
"
- opaque
"
- If request's
+ response tainting is
+ "cors
", set
+ response's
+ CORS-exposed header-name list
+ to the result of parsing
+ `Access-Control-Expose-Headers
` in
+ response's
+ header list.
+
+
Set response to the following + filtered response with + response as its + internal response, depending on + request's + response tainting: + +
basic
"
+ cors
"
+ opaque
"
+ Let internalResponse be response, if response is a network error, and response's @@ -5047,6 +5073,7 @@