[html5] r6926 - [giow] (1) Change crossorigin='' to act like No CORS mode for same-origin resour [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jan 27 18:01:45 PST 2012
Author: ianh
Date: 2012-01-27 18:01:44 -0800 (Fri, 27 Jan 2012)
New Revision: 6926
Modified:
complete.html
index
source
Log:
[giow] (1) Change crossorigin='' to act like No CORS mode for same-origin resources, at least until a cross-origin redirect comes along.
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2012-01-27 18:55:51 UTC (rev 6925)
+++ complete.html 2012-01-28 02:01:44 UTC (rev 6926)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 27 January 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 28 January 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -8459,8 +8459,10 @@
resource as either <dfn id=cors-same-origin>CORS-same-origin</dfn> or
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
- <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+ <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
<dd>
<p>Run these substeps:</p>
@@ -8477,18 +8479,28 @@
<li>
<p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
- <var title="">result</var> still has no value, then apply the
- CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
+ the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
+ <a href=#origin>origin</a> of the target URL of the redirect is not the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
+ <var title="">URL</var> to the the target URL of the redirect
+ and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
+ fetch</a> algorithm (this time, the branch below will be
+ taken, resulting in the fetch being done in a CORS-aware
+ fashion).</p>
+
+ <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
+ redirect, and <var title="">result</var> still has no value,
+ then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
<a href=#credential-flag>credential flag</a> set to true and the <i>request
rules</i> being that the user agent continue to follow these
steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure
- of the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
+ return to the <i>loop</i> step. If it failed due to a failure of
+ the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
labeled <i>end</i>; if <var title="">default</var> is
<i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a>
- but with the <i>manual redirect flag</i> no longer set, and
- jump to the step labeled <i>end</i> below.</p>
+ <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
+ with the <i>manual redirect flag</i> no longer set, and jump to
+ the step labeled <i>end</i> below.</p>
<p>Otherwise, if the resource is not available (e.g. there is
a network error) then set <var title="">result</var> to the
Modified: index
===================================================================
--- index 2012-01-27 18:55:51 UTC (rev 6925)
+++ index 2012-01-28 02:01:44 UTC (rev 6926)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 27 January 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 28 January 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -8459,8 +8459,10 @@
resource as either <dfn id=cors-same-origin>CORS-same-origin</dfn> or
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
- <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+ <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
<dd>
<p>Run these substeps:</p>
@@ -8477,18 +8479,28 @@
<li>
<p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
- <var title="">result</var> still has no value, then apply the
- CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
+ the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
+ <a href=#origin>origin</a> of the target URL of the redirect is not the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
+ <var title="">URL</var> to the the target URL of the redirect
+ and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
+ fetch</a> algorithm (this time, the branch below will be
+ taken, resulting in the fetch being done in a CORS-aware
+ fashion).</p>
+
+ <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
+ redirect, and <var title="">result</var> still has no value,
+ then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
<a href=#credential-flag>credential flag</a> set to true and the <i>request
rules</i> being that the user agent continue to follow these
steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure
- of the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
+ return to the <i>loop</i> step. If it failed due to a failure of
+ the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
labeled <i>end</i>; if <var title="">default</var> is
<i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a>
- but with the <i>manual redirect flag</i> no longer set, and
- jump to the step labeled <i>end</i> below.</p>
+ <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
+ with the <i>manual redirect flag</i> no longer set, and jump to
+ the step labeled <i>end</i> below.</p>
<p>Otherwise, if the resource is not available (e.g. there is
a network error) then set <var title="">result</var> to the
Modified: source
===================================================================
--- source 2012-01-27 18:55:51 UTC (rev 6925)
+++ source 2012-01-28 02:01:44 UTC (rev 6926)
@@ -8432,9 +8432,10 @@
<dl class="switch">
- <dt>If <var title="">mode</var> is "<span
- title="attr-crossorigin-none">No CORS</span>"</dt>
+ <dt>If the <var title="">URL</var> has the <span>same origin</span> as <var title="">origin</var></dt>
+ <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>"</dt>
+
<dd>
<p>Run these substeps:</p>
@@ -8453,20 +8454,31 @@
<li>
<p>If the result of the <span>fetch</span> is a redirect, and
- <var title="">result</var> still has no value, then apply the
- CORS <span>redirect steps</span>, with the CORS
+ the <var title="">mode</var> is not "<span
+ title="attr-crossorigin-none">No CORS</span>", and the
+ <span>origin</span> of the target URL of the redirect is not the
+ <span>same origin</span> as <var title="">origin</var>, then set
+ <var title="">URL</var> to the the target URL of the redirect
+ and return to the top of the <span>potentially CORS-enabled
+ fetch</span> algorithm (this time, the branch below will be
+ taken, resulting in the fetch being done in a CORS-aware
+ fashion).</p>
+
+ <p>Otherwise, if the result of the <span>fetch</span> is a
+ redirect, and <var title="">result</var> still has no value,
+ then apply the CORS <span>redirect steps</span>, with the CORS
<span>credential flag</span> set to true and the <i>request
rules</i> being that the user agent continue to follow these
steps. If this resumes the <span>fetch</span> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure
- of the CORS <span>resource sharing check</span>, then: if <var
+ return to the <i>loop</i> step. If it failed due to a failure of
+ the CORS <span>resource sharing check</span>, then: if <var
title="">default</var> is <i>fail</i>, then set <var
title="">result</var> to <i>fail</i> and jump to the step
labeled <i>end</i>; if <var title="">default</var> is
<i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <span>transparently follow the redirect</span>
- but with the <i>manual redirect flag</i> no longer set, and
- jump to the step labeled <i>end</i> below.</p>
+ <i>taint</i>, <span>transparently follow the redirect</span> but
+ with the <i>manual redirect flag</i> no longer set, and jump to
+ the step labeled <i>end</i> below.</p>
<p>Otherwise, if the resource is not available (e.g. there is
a network error) then set <var title="">result</var> to the
More information about the Commit-Watchers
mailing list