From c99000a96dada32b0aed566563c759256f0b2d9a Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Tue, 22 Oct 2013 17:23:51 +0100 Subject: [PATCH] Fetch integration. Please review, this is major. MAJOR. Right. --- Overview.html | 766 ++++++++++++++-------------------------------- Overview.src.html | 661 +++++++++++---------------------------- 2 files changed, 394 insertions(+), 1033 deletions(-) diff --git a/Overview.html b/Overview.html index 249e824..37f6df8 100644 --- a/Overview.html +++ b/Overview.html @@ -7,7 +7,7 @@

XMLHttpRequest

-

Living Standard — Last Updated 15 October 2013

+

Living Standard — Last Updated 22 October 2013

This Version: @@ -36,7 +36,7 @@

CC0 To the extent possible under law, the editor has waived all copyright and related or neighboring rights to this work. In addition, as of -15 October 2013, the editor has made this specification available +22 October 2013, the editor has made this specification available under the Open Web Foundation Agreement Version 1.0, which is available at @@ -67,34 +67,32 @@

Table of Contents

  • 3 Terminology
  • 4 Interface XMLHttpRequest
      -
    1. 4.1 Task sources
      2. -
    2. 4.2 Constructors
      3. -
    3. 4.3 Garbage collection
      4. -
    4. 4.4 Event handlers
      5. -
    5. 4.5 States
      6. -
    6. 4.6 Request +
    7. 4.1 Constructors
      8. +
    8. 4.2 Garbage collection
      9. +
    9. 4.3 Event handlers
      10. +
    10. 4.4 States
      11. +
    11. 4.5 Request
        -
      1. 4.6.1 The open() method
        2. -
      2. 4.6.2 The setRequestHeader() method
        3. -
      3. 4.6.3 The timeout attribute
        4. -
      4. 4.6.4 The withCredentials attribute
        5. -
      5. 4.6.5 The upload attribute
        6. -
      6. 4.6.6 The send() method
        7. -
      7. 4.6.7 Infrastructure for the send() method
        8. -
      8. 4.6.8 The abort() method
      12. -
    12. 4.7 Response +
    13. 4.5.1 The open() method
      14. +
    14. 4.5.2 The setRequestHeader() method
      15. +
    15. 4.5.3 The timeout attribute
      16. +
    16. 4.5.4 The withCredentials attribute
      17. +
    17. 4.5.5 The upload attribute
      18. +
    18. 4.5.6 The send() method
      19. +
    19. 4.5.7 The abort() method
    • +
  • 4.6 Response
      -
    1. 4.7.1 The status attribute
      2. -
    2. 4.7.2 The statusText attribute
      3. -
    3. 4.7.3 The getResponseHeader() method
      4. -
    4. 4.7.4 The getAllResponseHeaders() method
      5. -
    5. 4.7.5 Response entity body
      6. -
    6. 4.7.6 The overrideMimeType() method
      7. -
    7. 4.7.7 The responseType attribute
      8. -
    8. 4.7.8 The response attribute
      9. -
    9. 4.7.9 The responseText attribute
      10. -
    10. 4.7.10 The responseXML attribute
    • -
  • 4.8 Events summary
    • +
  • 4.6.1 The status attribute
    • +
  • 4.6.2 The statusText attribute
    • +
  • 4.6.3 The getResponseHeader() method
    • +
  • 4.6.4 The getAllResponseHeaders() method
    • +
  • 4.6.5 Response entity body
    • +
  • 4.6.6 The overrideMimeType() method
    • +
  • 4.6.7 The responseType attribute
    • +
  • 4.6.8 The response attribute
    • +
  • 4.6.9 The responseText attribute
    • +
  • 4.6.10 The responseXML attribute
    • +
  • 4.7 Events summary
  • 5 Interface FormData
  • 6 Interface ProgressEvent
      @@ -317,14 +315,7 @@

      4 Interface 4.1 Task sources

      - -

      Each XMLHttpRequest object has its own -task source. Namely, the -XMLHttpRequest task source. - - -

      4.2 Constructors

      +

      4.1 Constructors

      The XMLHttpRequest object has an associated anonymous flag. If the anonymous flag is set, @@ -369,7 +360,7 @@

      4.2 Constructors

    -

    4.3 Garbage collection

    +

    4.2 Garbage collection

    An XMLHttpRequest object must not be garbage collected if @@ -406,7 +397,7 @@

    4.3 Garbage collectionterminate the request. -

    4.4 Event handlers

    +

    4.3 Event handlers

    The following are the event handlers (and their corresponding @@ -462,7 +453,7 @@

    4.4 Event handlers

    -

    4.5 States

    +

    4.4 States

    client . readyState @@ -512,7 +503,7 @@

    4.5 States

    network error or fetch termination. It is initially unset. -

    4.6 Request

    +

    4.5 Request

    Each XMLHttpRequest object has the following request-associated concepts: @@ -539,22 +530,14 @@

    4.6 Request

    -

    To terminate the request run these steps: - -

      -

    1. Set the error flag. - -

    2. Cancel any instance of the fetch algorithm - opened by this object. - -

    3. If there are any tasks from - the object's XMLHttpRequest task source in one of the - task queues, then remove them. -

    +

    To terminate the request, +terminate the +fetch algorithm operated by the +XMLHttpRequest object with reason fatal. -

    4.6.1 The open() method

    +

    4.5.1 The open() method

    client . open(method, url [, async = true [, username = null [, password = null]]]) @@ -699,7 +682,8 @@

    4.6.1 The o

    • Set request method to method.

    • Set request URL to parsed URL. -

    • If async is false, set the synchronous flag. +

    • Set the synchronous flag, if async is false, and unset + the synchronous flag otherwise.

    • Set author request headers to the empty list.

    • Unset the send() flag.

    • Set response entity body to null. @@ -723,7 +707,7 @@

      4.6.1 The o -

      4.6.2 The setRequestHeader() method

      +

      4.5.2 The setRequestHeader() method

      client . setRequestHeader(header, value) @@ -850,7 +834,7 @@

      4.6.2 The -

      4.6.3 The timeout attribute

      +

      4.5.3 The timeout attribute

      client . timeout @@ -897,7 +881,7 @@

      4.6.3 The fetching. -

      4.6.4 The withCredentials attribute

      +

      4.5.4 The withCredentials attribute

      client . withCredentials @@ -959,7 +943,7 @@

      4.6.4 The same-origin resources. -

      4.6.5 The upload attribute

      +

      4.5.5 The upload attribute

      client . upload @@ -977,7 +961,7 @@

      4.6.5 The XMLHttpRequestUpload object. -

      4.6.6 The send() method

      +

      4.5.6 The send() method

      client . send([data = null]) @@ -1140,399 +1124,216 @@

      4.6.6 The s
    • -
      -
      If the source origin and the request URL - are same origin
      -
      If the request URL's - scheme is - "data" - -
      -

      These are the same-origin request steps. - -

      Fetch the - request URL from origin - source origin, using - referrer source as - override referrer source, with the - synchronous flag set if the - synchronous flag is set, using HTTP method - request method, taking into account the - request entity body, list of - author request headers, and the rules listed at the end of - this section. - -

      -
      If the synchronous flag is set
      -
      -

      While making the request also follow the - same-origin request event rules. - - - -

      The - send() method call will - now be returned by virtue of this algorithm ending. -

      - -
      If the synchronous flag is unset
      -
      - -

      Make upload progress notifications. - -

      Make progress notifications. - - -

      While processing the request, as data becomes available and when - the user interferes with the request, - queue tasks - to update the response entity body and follow the - same-origin request event rules. -

      -
      -
      - -
      Otherwise
      -
      -

      These are the cross-origin request steps. - - - - -

      Make a cross-origin request, - passing these as parameters: - -

      -
      request URL
      -
      The request URL.
      - -
      request method
      -
      The request method.
      - -
      author request headers
      -
      The list of author request headers.
      - -
      request entity body
      -
      The request entity body.
      - -
      source origin
      -
      The source origin.
      - -
      referrer source -
      If the anonymous flag is set, the - URL - "about:blank", and the - referrer source otherwise. - -
      omit credentials flag
      -
      Set if - withCredentials - attribute's value is false. - -
      force preflight flag
      -
      Set if the upload events flag is set. -
      - -
      -
      If the synchronous flag is set
      -
      -

      While making the request also follow the - cross-origin request event rules. - - - -

      The - send() method call will - now be returned by virtue of this algorithm ending. -

      - -
      If the synchronous flag is unset
      -
      -

      While processing the request, as data becomes available and when - the end user interferes with the request, - queue tasks - to update the response entity body and follow the - cross-origin request event rules. -

      -
      - -
      +

      Let req be a new + request, initialized as + follows: + +

      +
      method +
      request method +
      url +
      request URL +
      author headers +
      author request headers +
      origin +
      source origin +
      force Origin header flag +
      Set. +
      source origin +
      referrer +
      referrer source +
      body +
      request entity body +
      synchronous flag +
      Set if the synchronous flag is set. +
      mode +
      CORS +
      force preflight flag +
      Set if the upload events flag is set. +
      omit credentials mode +
      If the anonymous flag is set, always, and + CORS otherwise. +
      use URL credentials flag +
      Set if either request URL's + username + is not the empty string or request URL's + password is non-null.
      - - -
      - -

      If the user agent supports HTTP Authentication and -Authorization is not in the list -of author request headers, it should -consider requests originating from the XMLHttpRequest object -to be part of the protection space that includes the accessed URIs and -send Authorization headers and -handle 401 Unauthorized requests appropriately. - -

      If authentication fails, -source origin and the -request URL are same origin, -Authorization is not in the list -of author request headers, -request URL's -username is -the empty string and request URL's -password is -null, user agents should prompt the end user for their username and -password. - - -

      Otherwise, if authentication fails, user agents -must not prompt the end user for their username and -password. [HTTPAUTH] - -

      Unfortunately end users are prompted because of legacy -content constraints. However, when possible this behavior is prohibited, -as it is bad UI. E.g. that is why the -same origin restriction is made above. +

    • If a header + named + `Accept-Language` is not in req's + author headers, + append one with an appropriate + value. -

      +

    • If a header + named + `Accept` is not in req's + author headers, + append one with `*/*` as + value. -

      If the user agent implements a HTTP cache it should -respect Cache-Control headers in -author request headers -(e.g. Cache-Control: no-cache bypasses the cache). It -must not send Cache-Control or -Pragma request headers automatically unless the end user -explicitly requests such behavior (e.g. by reloading the page). - -

      For 304 Not Modified responses that are a result of a -user agent generated conditional request the user agent -must act as if the server gave a 200 OK -response with the appropriate content. The user agent -must allow author request headers to override automatic cache -validation (e.g. If-None-Match or -If-Modified-Since), in which case -304 Not Modified responses must be passed through. -[HTTP] - -

      - -

      If the user agent implements server-driven content-negotiation -it must follow these constraints for the -Accept and Accept-Language request headers: - -

      - -

      Responses must have the content-encodings -automatically decoded. [HTTP] +

    • +

      Fetch req. + +

      If req's synchronous flag is + set, pass the return value, synchronously, to + process response end-of-file below. Otherwise, + handle the tasks + queued on the + networking task source per below. + +

      If the timeout attribute value is not + 0, terminate + fetching after the amount of + milliseconds specified by the timeout + attribute value have passed with reason timeout. + +

      To process request body for + request, + fire a progress event named + progress on the + XMLHttpRequestUpload object. + + +

      To process request end-of-file for + request, run these substeps: -

      +
        +

      1. Set the upload complete flag. -

        Besides the author request headers, user agents -should not include additional request headers other than those mentioned -above or other than those authors are not allowed to set using -setRequestHeader(). -This ensures that authors have a predictable API. +

      2. Fire a progress event named progress + on the XMLHttpRequestUpload object. +

      3. Fire a progress event named load + on the XMLHttpRequestUpload object. -

        4.6.7 Infrastructure for the send() method

        +

      4. Fire a progress event named loadend + on the XMLHttpRequestUpload object. +

      + -

      The same-origin request event rules are as follows: +

      To process response for response, + run these substeps: -

      -
      If the error flag is set -

      Terminate these steps. +

        +

      1. Handle errors for response. -

        If the response has an HTTP status code of 301, 302, 303, 307, or 308 -
        -

        If the redirect violates infinite loop precautions this is a - network error. +

      2. +

        If state is OPENED, run these + subsubsteps: -

        Otherwise, run these steps: +

          +

        1. Change the state to HEADERS_RECEIVED. -

            -

          1. Set the request URL to the - URL conveyed by the - Location header. - - -

          2. If the source origin and the - origin of request URL - are same origin transparently follow - the redirect while observing the - same-origin request event rules. - -

          3. Otherwise, follow the cross-origin request steps - and terminate the steps for this algorithm. +

          4. Fire an event named readystatechange. +

        -

        HTTP places requirements on the user agent regarding the - preservation of the request method and - request entity body during redirects, and also requires end - users to be notified of certain kinds of automatic redirections. - -

        3. +

        To process response body for + response, run these substeps: -

        If the end user cancels the request
        -

        This is an abort error.

        +
          +

        1. Handle errors for response. -

          If there is a network error
          -
          -

          In case of DNS errors, TLS negotiation failure, or other type of - network errors, this is a network error. Do not request any - kind of end user interaction. +

        2. +

          If state is + HEADERS_RECEIVED, run these + subsubsteps: -

          This does not include HTTP responses that indicate - some type of error, such as HTTP status code 410. -

          3. +
            +

          1. Change the state to LOADING. +

          2. Fire an event named readystatechange. +

          -
          If timeout is not 0 - and since the request started the amount of milliseconds specified by - timeout has passed
          -

          This is a timeout error.

          +

        3. Update response entity body with response's + body. +

        4. Fire a progress event named progress. +

        -
        Once all HTTP headers have been received, the - synchronous flag is unset, and the HTTP status code of the - response is not one of 301, 302, 303, 307, and 308 -

        Switch to the HEADERS_RECEIVED state.

        +

        To process response end-of-file for + response, run these substeps: -

        Once the first byte (or more) of the - response entity body has been received and the - synchronous flag is unset
        -
        If there is no response entity body and the - synchronous flag is unset
        -

        Switch to the LOADING state.

        +
          +

        1. Handle errors for response. -

          Once the whole response entity body has been - received
          -
          If there is no response entity body and the state is - LOADING
          -
          If there is no response entity body and the - synchronous flag is set
          -

          Switch to the DONE state.

          -
      +
    • +

      If state is LOADING, run these + subsubsteps: +

        +

      1. Update response entity body with response's + body. -

        +

      2. Change the state to DONE. -

        The cross-origin request event rules are as follows: +

      3. Unset the send() flag. -

        -
        If the error flag is set -

        Terminate these steps. - -

        If the cross-origin request status - is preflight complete and the synchronous flag is - unset
        -

        Make upload progress notifications.

        - -
        If the cross-origin request status - is network error
        -

        This is a network error.

        - -
        If the cross-origin request status - is abort error
        -

        This is an abort error.

        - -
        If timeout is not 0 - and since the request started the amount of milliseconds specified by - timeout has passed
        -

        This is a timeout error.

        - -
        Once all HTTP headers have been received, the - cross-origin request status is - success, and the synchronous flag is unset
        -
        -

        Switch to the HEADERS_RECEIVED state. +

      4. Fire an event named readystatechange. -

        Make progress notifications. -

        5. +

      5. Fire a progress event named progress. -

        Once the first byte (or more) of the - response entity body has been received, the - cross-origin request status is - success, and the synchronous flag is unset
        -
        If there is no response entity body, the - cross-origin request status is - success, and the synchronous flag is unset
        -

        Switch to the LOADING state.

        - -
        Once the whole response entity body has been received - and the cross-origin request status is - success
        -
        If there is no response entity body, the - cross-origin request status is - success, and the state is - LOADING
        -
        If there is no response entity body, the - cross-origin request status is - success, and the synchronous flag is set
        -

        Switch to the DONE state.

        -
        6. +

      6. Fire a progress event named load. +

      7. Fire a progress event named loadend. +

      + + -
      +

      To handle errors for response run these substeps: -

      When something is said to be a network error run the -request error steps for exception -"NetworkError" and -event error. +

        +

      1. If response is a + network error, run the + request error steps for event error and + exception "NetworkError". -

        When something is said to be an abort error run the -request error steps for exception -"AbortError" and event -abort. +

      2. +

        Otherwise, if response has a + termination reason: +

        +
        end-user abort +

        Run the request error steps for event + abort and exception + "AbortError". -

        When something is said to be an timeout error run the -request error steps for exception -"TimeoutError" and event -timeout. +

        fatal +
        +

        Terminate the entire send() algorithm. +

        Game over. +

        timeout +

        Run the request error steps for event + timeout and exception + "TimeoutError". +

        +
      -

      When something is said to be a request error for -exception exception and event event run these -steps: +

      The request error steps for event event and optionally an +exception exception are:

        -

      1. Terminate the request. -

      2. Change the state to DONE. +

      3. Unset the send() flag. + +

      4. Set the error flag. +

      5. If the synchronous flag is set, - throw an - exception exception. + throw an exception + exception.

      6. Fire an event named readystatechange. -

        At this point it is clear that the - synchronous flag is unset. - - +

        At this point it is clear that the synchronous flag is unset.

      7. -

        If the upload complete flag is unset, follow these - substeps: +

        If the upload complete flag is unset, follow these substeps:

        1. Set the upload complete flag. @@ -1547,7 +1348,6 @@

          4.6.7 I loadend on the XMLHttpRequestUpload object.

        -

      8. Fire a progress event named progress.

      9. Fire a progress event named event. @@ -1555,94 +1355,8 @@

        4.6.7 I

      10. Fire a progress event named loadend.

      -
      - -

      When it is said to -switch to the HEADERS_RECEIVED state -run these steps: - -

        -

      1. Change the state to HEADERS_RECEIVED. - -

      2. Fire an event named readystatechange. -

      - -

      When it is said to -switch to the LOADING state run these -steps: - -

        -

      1. Change the state to LOADING. - -

      2. Fire an event named readystatechange. -

      - -

      When it is said to -switch to the DONE state run these steps: - -

        -

      1. If the synchronous flag is set, update the - response entity body. - -

      2. Unset the synchronous flag. - -

      3. Change the state to DONE. - -

      4. Fire an event named readystatechange. - -

      5. Fire a progress event named progress. - -

      6. Fire a progress event named load. - -

      7. Fire a progress event named loadend. - -

      - -
      - -

      When it is said to make progress notifications, while the -download is progressing, queue a task to -fire a progress event named progress -about every 50ms or for every byte received, whichever is least -frequent. - -

      - -

      When it is said to make upload progress notifications run -these steps: - -

      - - -

      4.6.8 The abort() method

      +

      4.5.7 The abort() method

      client . abort() @@ -1655,44 +1369,11 @@

      4.6.8 The

      1. Terminate the request. -

      2. -

        If the state is UNSENT, - OPENED with the - send() flag being unset, or - DONE, go to the next step. - -

        Otherwise, run these substeps first: - -

          -

        1. Change the state to DONE. - -

        2. Unset the send() flag. - -

        3. Fire an event named readystatechange. - -

        4. -

          If the upload complete flag is false run these - substeps: - -

            -

          1. Set the upload complete flag to true. - -

          2. Fire a progress event named progress - on the XMLHttpRequestUpload object. - -

          3. Fire a progress event named abort - on the XMLHttpRequestUpload object. - -

          4. Fire a progress event named loadend - on the XMLHttpRequestUpload object. -

          - -

        5. Fire a progress event named progress. - -

        6. Fire a progress event named abort. - -

        7. Fire a progress event named loadend. -

        +

      3. If the state is OPENED with the + send() flag set, + HEADERS_RECEIVED, or + LOADING, run the + request error steps for event abort.

      4. Change the state to UNSENT. @@ -1703,7 +1384,7 @@

        4.6.8 The -

        4.7 Response

        +

        4.6 Response

        A response header is a HTTP response header transmitted before the response entity body. @@ -1712,7 +1393,7 @@

        4.7 Response

        This excludes trailer fields ("trailers"). -

        4.7.1 The status attribute

        +

        4.6.1 The status attribute

        client . status @@ -1734,7 +1415,7 @@

        4.7.1 The 4.7.2 The statusText attribute

        +

        4.6.2 The statusText attribute

        client . statusText @@ -1755,7 +1436,7 @@

        4.7.2 The -

        4.7.3 The getResponseHeader() method

        +

        4.6.3 The getResponseHeader() method

        client . getResponseHeader(header) @@ -1814,7 +1495,7 @@

        4.7.3 The -

        4.7.4 The getAllResponseHeaders() method

        +

        4.6.4 The getAllResponseHeaders() method

        client . getAllResponseHeaders() @@ -1871,7 +1552,7 @@

        4.7.4 The -

        4.7.5 Response entity body

        +

        4.6.5 Response entity body

        The response MIME type is the MIME type the Content-Type header contains excluding any @@ -2091,7 +1772,7 @@

        4.7.5 Response entity -

        4.7.6 The overrideMimeType() method

        +

        4.6.6 The overrideMimeType() method

        client . overrideMimeType(mime) @@ -2136,7 +1817,7 @@

        4.7.6 The 4.7.7 The responseType attribute

        +

        4.6.7 The responseType attribute

        @@ -2200,7 +1881,7 @@

        4.7.7 The 4.7.8 The response attribute

        +

        4.6.8 The response attribute

        client . response @@ -2264,7 +1945,7 @@

        4.7.8 The 4.7.9 The responseText attribute

        +

        4.6.9 The responseText attribute

        client . responseText @@ -2299,7 +1980,7 @@

        4.7.9 The -

        4.7.10 The responseXML attribute

        +

        4.6.10 The responseXML attribute

        client . responseXML @@ -2340,7 +2021,7 @@

        4.7.10 The 4.8 Events summary

        +

        4.7 Events summary

        This section is non-normative. @@ -2771,9 +2452,6 @@

        References

        [HTTP]
        Hypertext Transfer Protocol -- HTTP/1.1, Roy Fielding, James Gettys, Jeffrey Mogul et al.. IETF. -
        [HTTPAUTH] -
        HTTP Authentication: Basic and Digest Access Authentication, J. Franks, Phillip Hallam-Baker, J. Hostetler et al.. IETF. -
        [HTTPVERBSEC]
        Multiple vendors' web servers enable HTTP TRACE method by default. US-CERT. diff --git a/Overview.src.html b/Overview.src.html index 6d16795..378a86f 100644 --- a/Overview.src.html +++ b/Overview.src.html @@ -269,13 +269,6 @@

        Interface XMLHttpRequest

        required by its definition, too). -

        Task sources

        - -

        Each XMLHttpRequest object has its own -task source. Namely, the -XMLHttpRequest task source. - -

        Constructors

        The XMLHttpRequest object has an associated @@ -491,18 +484,10 @@

        Request

        -

        To terminate the request run these steps: - -

          -

        1. Set the error flag. - -

        2. Cancel any instance of the fetch algorithm - opened by this object. - -

        3. If there are any tasks from - the object's XMLHttpRequest task source in one of the - task queues, then remove them. -

        +

        To terminate the request, +terminate the +fetch algorithm operated by the +XMLHttpRequest object with reason fatal. @@ -651,7 +636,8 @@

        The open() method

        • Set request method to method.

        • Set request URL to parsed URL. -

        • If async is false, set the synchronous flag. +

        • Set the synchronous flag, if async is false, and unset + the synchronous flag otherwise.

        • Set author request headers to the empty list.

        • Unset the send() flag.

        • Set response entity body to null. @@ -1092,399 +1078,216 @@

          The send() method

        • -
          -
          If the source origin and the request URL - are same origin
          -
          If the request URL's - scheme is - "data" - -
          -

          These are the same-origin request steps. - -

          Fetch the - request URL from origin - source origin, using - referrer source as - override referrer source, with the - synchronous flag set if the - synchronous flag is set, using HTTP method - request method, taking into account the - request entity body, list of - author request headers, and the rules listed at the end of - this section. - -

          -
          If the synchronous flag is set
          -
          -

          While making the request also follow the - same-origin request event rules. - - - -

          The - send() method call will - now be returned by virtue of this algorithm ending. -

          - -
          If the synchronous flag is unset
          -
          - -

          Make upload progress notifications. - -

          Make progress notifications. - - -

          While processing the request, as data becomes available and when - the user interferes with the request, - queue tasks - to update the response entity body and follow the - same-origin request event rules. -

          -
          -
          - -
          Otherwise
          -
          -

          These are the cross-origin request steps. - - - - -

          Make a cross-origin request, - passing these as parameters: - -

          -
          request URL
          -
          The request URL.
          - -
          request method
          -
          The request method.
          - -
          author request headers
          -
          The list of author request headers.
          - -
          request entity body
          -
          The request entity body.
          - -
          source origin
          -
          The source origin.
          - -
          referrer source -
          If the anonymous flag is set, the - URL - "about:blank", and the - referrer source otherwise. - -
          omit credentials flag
          -
          Set if - withCredentials - attribute's value is false. - -
          force preflight flag
          -
          Set if the upload events flag is set. -
          - -
          -
          If the synchronous flag is set
          -
          -

          While making the request also follow the - cross-origin request event rules. - - - -

          The - send() method call will - now be returned by virtue of this algorithm ending. -

          - -
          If the synchronous flag is unset
          -
          -

          While processing the request, as data becomes available and when - the end user interferes with the request, - queue tasks - to update the response entity body and follow the - cross-origin request event rules. -

          -
          - -
          +

          Let req be a new + request, initialized as + follows: + +

          +
          method +
          request method +
          url +
          request URL +
          author headers +
          author request headers +
          origin +
          source origin +
          force Origin header flag +
          Set. +
          source origin +
          referrer +
          referrer source +
          body +
          request entity body +
          synchronous flag +
          Set if the synchronous flag is set. +
          mode +
          CORS +
          force preflight flag +
          Set if the upload events flag is set. +
          omit credentials mode +
          If the anonymous flag is set, always, and + CORS otherwise. +
          use URL credentials flag +
          Set if either request URL's + username + is not the empty string or request URL's + password is non-null.
          -

      - -
      - -

      If the user agent supports HTTP Authentication and -Authorization is not in the list -of author request headers, it should -consider requests originating from the XMLHttpRequest object -to be part of the protection space that includes the accessed URIs and -send Authorization headers and -handle 401 Unauthorized requests appropriately. - -

      If authentication fails, -source origin and the -request URL are same origin, -Authorization is not in the list -of author request headers, -request URL's -username is -the empty string and request URL's -password is -null, user agents should prompt the end user for their username and -password. - - -

      Otherwise, if authentication fails, user agents -must not prompt the end user for their username and -password. HTTPAUTH - -

      Unfortunately end users are prompted because of legacy -content constraints. However, when possible this behavior is prohibited, -as it is bad UI. E.g. that is why the -same origin restriction is made above. +

    • If a header + named + `Accept-Language` is not in req's + author headers, + append one with an appropriate + value. -

      - -

      If the user agent implements a HTTP cache it should -respect Cache-Control headers in -author request headers -(e.g. Cache-Control: no-cache bypasses the cache). It -must not send Cache-Control or -Pragma request headers automatically unless the end user -explicitly requests such behavior (e.g. by reloading the page). - -

      For 304 Not Modified responses that are a result of a -user agent generated conditional request the user agent -must act as if the server gave a 200 OK -response with the appropriate content. The user agent -must allow author request headers to override automatic cache -validation (e.g. If-None-Match or -If-Modified-Since), in which case -304 Not Modified responses must be passed through. -HTTP - -

      - -

      If the user agent implements server-driven content-negotiation -it must follow these constraints for the -Accept and Accept-Language request headers: +

    • If a header + named + `Accept` is not in req's + author headers, + append one with `*/*` as + value. -

        -

      • Both headers must not be modified if they are in - author request headers. - -

      • If not in author request headers, - Accept-Language with an appropriate value should be appended - to it. - -

      • If not in author request headers, Accept - with value */* must be appended to it. -

      - -

      Responses must have the content-encodings -automatically decoded. HTTP +

    • +

      Fetch req. + +

      If req's synchronous flag is + set, pass the return value, synchronously, to + process response end-of-file below. Otherwise, + handle the tasks + queued on the + networking task source per below. + +

      If the timeout attribute value is not + 0, terminate + fetching after the amount of + milliseconds specified by the timeout + attribute value have passed with reason timeout. + +

      To process request body for + request, + fire a progress event named + progress on the + XMLHttpRequestUpload object. + + +

      To process request end-of-file for + request, run these substeps: -

      +
        +

      1. Set the upload complete flag. -

        Besides the author request headers, user agents -should not include additional request headers other than those mentioned -above or other than those authors are not allowed to set using -setRequestHeader(). -This ensures that authors have a predictable API. +

      2. Fire a progress event named progress + on the XMLHttpRequestUpload object. +

      3. Fire a progress event named load + on the XMLHttpRequestUpload object. -

        Infrastructure for the send() method

        +

      4. Fire a progress event named loadend + on the XMLHttpRequestUpload object. +

      + -

      The same-origin request event rules are as follows: +

      To process response for response, + run these substeps: -

      -
      If the error flag is set -

      Terminate these steps. +

        +

      1. Handle errors for response. -

        If the response has an HTTP status code of 301, 302, 303, 307, or 308 -
        -

        If the redirect violates infinite loop precautions this is a - network error. +

      2. +

        If state is OPENED, run these + subsubsteps: -

        Otherwise, run these steps: +

          +

        1. Change the state to HEADERS_RECEIVED. -

            -

          1. Set the request URL to the - URL conveyed by the - Location header. - - -

          2. If the source origin and the - origin of request URL - are same origin transparently follow - the redirect while observing the - same-origin request event rules. - -

          3. Otherwise, follow the cross-origin request steps - and terminate the steps for this algorithm. +

          4. Fire an event named readystatechange. +

        -

        HTTP places requirements on the user agent regarding the - preservation of the request method and - request entity body during redirects, and also requires end - users to be notified of certain kinds of automatic redirections. - -

        3. +

        To process response body for + response, run these substeps: -

        If the end user cancels the request
        -

        This is an abort error.

        +
          +

        1. Handle errors for response. -

          If there is a network error
          -
          -

          In case of DNS errors, TLS negotiation failure, or other type of - network errors, this is a network error. Do not request any - kind of end user interaction. +

        2. +

          If state is + HEADERS_RECEIVED, run these + subsubsteps: -

          This does not include HTTP responses that indicate - some type of error, such as HTTP status code 410. -

          3. +
            +

          1. Change the state to LOADING. +

          2. Fire an event named readystatechange. +

          -
          If timeout is not 0 - and since the request started the amount of milliseconds specified by - timeout has passed
          -

          This is a timeout error.

          +

        3. Update response entity body with response's + body. +

        4. Fire a progress event named progress. +

        -
        Once all HTTP headers have been received, the - synchronous flag is unset, and the HTTP status code of the - response is not one of 301, 302, 303, 307, and 308 -

        Switch to the HEADERS_RECEIVED state.

        +

        To process response end-of-file for + response, run these substeps: -

        Once the first byte (or more) of the - response entity body has been received and the - synchronous flag is unset
        -
        If there is no response entity body and the - synchronous flag is unset
        -

        Switch to the LOADING state.

        +
          +

        1. Handle errors for response. -

          Once the whole response entity body has been - received
          -
          If there is no response entity body and the state is - LOADING
          -
          If there is no response entity body and the - synchronous flag is set
          -

          Switch to the DONE state.

          -
      +
    • +

      If state is LOADING, run these + subsubsteps: +

        +

      1. Update response entity body with response's + body. -

        +

      2. Change the state to DONE. -

        The cross-origin request event rules are as follows: +

      3. Unset the send() flag. -

        -
        If the error flag is set -

        Terminate these steps. - -

        If the cross-origin request status - is preflight complete and the synchronous flag is - unset
        -

        Make upload progress notifications.

        - -
        If the cross-origin request status - is network error
        -

        This is a network error.

        - -
        If the cross-origin request status - is abort error
        -

        This is an abort error.

        - -
        If timeout is not 0 - and since the request started the amount of milliseconds specified by - timeout has passed
        -

        This is a timeout error.

        - -
        Once all HTTP headers have been received, the - cross-origin request status is - success, and the synchronous flag is unset
        -
        -

        Switch to the HEADERS_RECEIVED state. +

      4. Fire an event named readystatechange. -

        Make progress notifications. -

        5. +

      5. Fire a progress event named progress. -

        Once the first byte (or more) of the - response entity body has been received, the - cross-origin request status is - success, and the synchronous flag is unset
        -
        If there is no response entity body, the - cross-origin request status is - success, and the synchronous flag is unset
        -

        Switch to the LOADING state.

        - -
        Once the whole response entity body has been received - and the cross-origin request status is - success
        -
        If there is no response entity body, the - cross-origin request status is - success, and the state is - LOADING
        -
        If there is no response entity body, the - cross-origin request status is - success, and the synchronous flag is set
        -

        Switch to the DONE state.

        -
        6. +

      6. Fire a progress event named load. +

      7. Fire a progress event named loadend. +

      + + -
      +

      To handle errors for response run these substeps: -

      When something is said to be a network error run the -request error steps for exception -"NetworkError" and -event error. +

        +

      1. If response is a + network error, run the + request error steps for event error and + exception "NetworkError". -

        When something is said to be an abort error run the -request error steps for exception -"AbortError" and event -abort. +

      2. +

        Otherwise, if response has a + termination reason: +

        +
        end-user abort +

        Run the request error steps for event + abort and exception + "AbortError". -

        When something is said to be an timeout error run the -request error steps for exception -"TimeoutError" and event -timeout. +

        fatal +
        +

        Terminate the entire send() algorithm. +

        Game over. +

        timeout +

        Run the request error steps for event + timeout and exception + "TimeoutError". +

        +
      -

      When something is said to be a request error for -exception exception and event event run these -steps: +

      The request error steps for event event and optionally an +exception exception are:

        -

      1. Terminate the request. -

      2. Change the state to DONE. +

      3. Unset the send() flag. + +

      4. Set the error flag. +

      5. If the synchronous flag is set, - throw an - exception exception. + throw an exception + exception.

      6. Fire an event named readystatechange. -

        At this point it is clear that the - synchronous flag is unset. - - +

        At this point it is clear that the synchronous flag is unset.

      7. -

        If the upload complete flag is unset, follow these - substeps: +

        If the upload complete flag is unset, follow these substeps:

        1. Set the upload complete flag. @@ -1499,7 +1302,6 @@

          Infrastructure for the send() method

          loadend on the XMLHttpRequestUpload object.
        -

      8. Fire a progress event named progress.

      9. Fire a progress event named event. @@ -1507,92 +1309,6 @@

        Infrastructure for the send() method

      10. Fire a progress event named loadend.

      -
      - -

      When it is said to -switch to the HEADERS_RECEIVED state -run these steps: - -

        -

      1. Change the state to HEADERS_RECEIVED. - -

      2. Fire an event named readystatechange. -

      - -

      When it is said to -switch to the LOADING state run these -steps: - -

        -

      1. Change the state to LOADING. - -

      2. Fire an event named readystatechange. -

      - -

      When it is said to -switch to the DONE state run these steps: - -

        -

      1. If the synchronous flag is set, update the - response entity body. - -

      2. Unset the synchronous flag. - -

      3. Change the state to DONE. - -

      4. Fire an event named readystatechange. - -

      5. Fire a progress event named progress. - -

      6. Fire a progress event named load. - -

      7. Fire a progress event named loadend. - -

      - - -
      - -

      When it is said to make progress notifications, while the -download is progressing, queue a task to -fire a progress event named progress -about every 50ms or for every byte received, whichever is least -frequent. - -

      - -

      When it is said to make upload progress notifications run -these steps: - -

        -

      • While the request entity body is being transmitted and the - upload complete flag is unset, - queue a task to - fire a progress event named progress on - the XMLHttpRequestUpload object about every 50ms or for - every byte transmitted, whichever is least frequent. - -

      • -

        If the request entity body has been fully transmitted - (irrespective of whether the server has started transmitting a response - or the status code of such a response) and the - upload complete flag is still unset, - queue a task to run these substeps: - -

          -

        1. Set the upload complete flag. - -

        2. Fire a progress event named progress - on the XMLHttpRequestUpload object. - -

        3. Fire a progress event named load - on the XMLHttpRequestUpload object. - -

        4. Fire a progress event named loadend - on the XMLHttpRequestUpload object. -

        -
      -

      The abort() method

      @@ -1607,44 +1323,11 @@

      The abort() method

      1. Terminate the request. -

      2. -

        If the state is UNSENT, - OPENED with the - send() flag being unset, or - DONE, go to the next step. - -

        Otherwise, run these substeps first: - -

          -

        1. Change the state to DONE. - -

        2. Unset the send() flag. - -

        3. Fire an event named readystatechange. - -

        4. -

          If the upload complete flag is false run these - substeps: - -

            -

          1. Set the upload complete flag to true. - -

          2. Fire a progress event named progress - on the XMLHttpRequestUpload object. - -

          3. Fire a progress event named abort - on the XMLHttpRequestUpload object. - -

          4. Fire a progress event named loadend - on the XMLHttpRequestUpload object. -

          - -

        5. Fire a progress event named progress. - -

        6. Fire a progress event named abort. - -

        7. Fire a progress event named loadend. -

        +

      3. If the state is OPENED with the + send() flag set, + HEADERS_RECEIVED, or + LOADING, run the + request error steps for event abort.

      4. Change the state to UNSENT.