diff --git a/fetch.bs b/fetch.bs index 7bd0e2b84..568d86f13 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3479,15 +3479,12 @@ optional CORS flag and CORS-preflight flag, run these steps: request with CORS flag if set.
If CORS flag is set and a CORS check for - request and response returns failure, then return a - network error. - -
As the CORS check is not to be
- applied to responses whose
- status is 304
or 407
, or
- responses from a service worker for that matter, it is
- applied here.
+
If CORS flag is set and a CORS check for request and + response returns failure, then return a network error. + +
As the CORS check is not to be applied to
+ responses whose status is 304
or 407
,
+ or responses from a service worker for that matter, it is applied here.
If a CORS check for request and response returns success - and response's status is an ok status, then: +
If a CORS check for request and response returns success and + response's status is an ok status, then: -
The CORS check is done - on request rather than preflight to ensure the correct - credentials mode is used. +
The CORS check is done on request rather than + preflight to ensure the correct credentials mode is used.
Let methods be the result of extracting header list values given @@ -4599,38 +4595,33 @@ agent's CORS-preflight cache for which there is a cache entry matchCORS check -
To perform a CORS check for a -request and response, run these steps: +
To perform a CORS check for a request and +response, run these steps:
Let origin be the result of extracting header list values given
- `Access-Control-Allow-Origin
` and response's
- header list.
-
-
The above will fail for network errors, as they have no headers. +
Let origin be the result of getting
+ `Access-Control-Allow-Origin
` from response's
+ header list.
If origin is null or failure, return failure. +
If origin is null, then return failure.
Null is not `null
`.
-
If request's
- credentials mode is not
- "include
" and origin is `*
`, return success.
+
If request's credentials mode is not "include
"
+ and origin is `*
`, then return success.
If the result of serializing a request origin with request is not origin, then return failure. -
If request's
- credentials mode is not
- "include
", return success.
+
If request's credentials mode is not "include
",
+ then return success.
-
Let credentials be the result of extracting header list values given
- `Access-Control-Allow-Credentials
` and response's
+
Let credentials be the result of getting
+ `Access-Control-Allow-Credentials
` from response's
header list.
-
If credentials is `true
`, return success.
+
If credentials is `true
`, then return success.
Return failure.