[html5] r6841 - [giow] (1) withCredentials in EventSource should also affect reconnections. Affe [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Dec 2 14:57:58 PST 2011 

Author: ianh
Date: 2011-12-02 14:57:56 -0800 (Fri, 02 Dec 2011)
New Revision: 6841

Modified:
   complete.html
   index
   source
Log:
[giow] (1) withCredentials in EventSource should also affect reconnections.
Affected topics: Server-Sent Events

Modified: complete.html
===================================================================
--- complete.html	2011-12-01 23:00:53 UTC (rev 6840)
+++ complete.html	2011-12-02 22:57:56 UTC (rev 6841)
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 28 November 2011</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 2 December 2011</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -76297,15 +76297,17 @@
    <li><p>Return the new <code><a href=#eventsource>EventSource</a></code> object, and continue
    these steps in the background (without blocking scripts).</li>
 
-   <li>
+   <li><!-- if you change this, don't forget to update the
+            reconnecting fetch lower down as well! -->
 
     <p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
     resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
     <var title="">CORS mode</var>, and the <i title="">origin</i>
     being the <a href=#entry-script>entry script</a>'s <a href=#origin>origin</a><!--, and
     the <i>default origin behaviour</i> set to <i>fail</i> (though it
-    has no effect in the "Use Credentials" mode)-->, and process the
-    resource obtained in this fashion, if any, as described below.</p>
+    has no effect in the "Anonymous" and "Use Credentials" modes)-->,
+    and process the resource obtained in this fashion, if any, as
+    described below.</p>
 
     <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
     such that if the browser is already fetching the resource
@@ -76514,14 +76516,11 @@
 
      <li><p>Perform a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of
      the <a href=#absolute-url>absolute URL</a> of the event source resource, with
-     the <i>mode</i> being <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</a>,
-     and the <i title="">origin</i> being the same as the
-     <a href=#origin>origin</a> used in the original request triggered by the
-     <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code>
-     constructor<!--, and the <i>default origin behaviour</i> set to
-     <i>fail</i> (though it has no effect in the "Use Credentials"
-     mode)-->, and process the resource obtained in this fashion, if
-     any, as described earlier in this section.</li>
+     the <i>mode</i><!--, the <i>default origin behaviour</i>,--> and
+     the <i title="">origin</i> being the same as those used in the
+     original request triggered by the <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor, and
+     process the resource obtained in this fashion, if any, as
+     described earlier in this section.</li>
 
     </ol></li>
 

Modified: index
===================================================================
--- index	2011-12-01 23:00:53 UTC (rev 6840)
+++ index	2011-12-02 22:57:56 UTC (rev 6841)
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 28 November 2011</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 2 December 2011</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -76297,15 +76297,17 @@
    <li><p>Return the new <code><a href=#eventsource>EventSource</a></code> object, and continue
    these steps in the background (without blocking scripts).</li>
 
-   <li>
+   <li><!-- if you change this, don't forget to update the
+            reconnecting fetch lower down as well! -->
 
     <p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
     resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
     <var title="">CORS mode</var>, and the <i title="">origin</i>
     being the <a href=#entry-script>entry script</a>'s <a href=#origin>origin</a><!--, and
     the <i>default origin behaviour</i> set to <i>fail</i> (though it
-    has no effect in the "Use Credentials" mode)-->, and process the
-    resource obtained in this fashion, if any, as described below.</p>
+    has no effect in the "Anonymous" and "Use Credentials" modes)-->,
+    and process the resource obtained in this fashion, if any, as
+    described below.</p>
 
     <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
     such that if the browser is already fetching the resource
@@ -76514,14 +76516,11 @@
 
      <li><p>Perform a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of
      the <a href=#absolute-url>absolute URL</a> of the event source resource, with
-     the <i>mode</i> being <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</a>,
-     and the <i title="">origin</i> being the same as the
-     <a href=#origin>origin</a> used in the original request triggered by the
-     <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code>
-     constructor<!--, and the <i>default origin behaviour</i> set to
-     <i>fail</i> (though it has no effect in the "Use Credentials"
-     mode)-->, and process the resource obtained in this fashion, if
-     any, as described earlier in this section.</li>
+     the <i>mode</i><!--, the <i>default origin behaviour</i>,--> and
+     the <i title="">origin</i> being the same as those used in the
+     original request triggered by the <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor, and
+     process the resource obtained in this fashion, if any, as
+     described earlier in this section.</li>
 
     </ol></li>
 

Modified: source
===================================================================
--- source	2011-12-01 23:00:53 UTC (rev 6840)
+++ source	2011-12-02 22:57:56 UTC (rev 6841)
@@ -88449,15 +88449,17 @@
    <li><p>Return the new <code>EventSource</code> object, and continue
    these steps in the background (without blocking scripts).</p></li>
 
-   <li>
+   <li><!-- if you change this, don't forget to update the
+            reconnecting fetch lower down as well! -->
 
     <p>Do a <span>potentially CORS-enabled fetch</span> of the
     resulting <span>absolute URL</span>, with the <i>mode</i> being
     <var title="">CORS mode</var>, and the <i title="">origin</i>
     being the <span>entry script</span>'s <span>origin</span><!--, and
     the <i>default origin behaviour</i> set to <i>fail</i> (though it
-    has no effect in the "Use Credentials" mode)-->, and process the
-    resource obtained in this fashion, if any, as described below.</p>
+    has no effect in the "Anonymous" and "Use Credentials" modes)-->,
+    and process the resource obtained in this fashion, if any, as
+    described below.</p>
 
     <p class="note">The definition of the <span
     title="fetch">fetching</span> algorithm (which is used by CORS) is
@@ -88722,15 +88724,12 @@
 
      <li><p>Perform a <span>potentially CORS-enabled fetch</span> of
      the <span>absolute URL</span> of the event source resource, with
-     the <i>mode</i> being <span
-     title="attr-crossorigin-use-credentials">Use Credentials</span>,
-     and the <i title="">origin</i> being the same as the
-     <span>origin</span> used in the original request triggered by the
-     <code title="dom-EventSource">EventSource()</code>
-     constructor<!--, and the <i>default origin behaviour</i> set to
-     <i>fail</i> (though it has no effect in the "Use Credentials"
-     mode)-->, and process the resource obtained in this fashion, if
-     any, as described earlier in this section.</p></li>
+     the <i>mode</i><!--, the <i>default origin behaviour</i>,--> and
+     the <i title="">origin</i> being the same as those used in the
+     original request triggered by the <code
+     title="dom-EventSource">EventSource()</code> constructor, and
+     process the resource obtained in this fashion, if any, as
+     described earlier in this section.</p></li>
 
     </ol>

More information about the Commit-Watchers mailing list