[html5] r7297 - [giow] (1) Cleanup of the 'potentially CORS-enabled fetch' algorithm to actually [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Aug 29 13:29:17 PDT 2012


Author: ianh
Date: 2012-08-29 13:29:16 -0700 (Wed, 29 Aug 2012)
New Revision: 7297

Modified:
   complete.html
   index
   source
Log:
[giow] (1) Cleanup of the 'potentially CORS-enabled fetch' algorithm to actually make sense.
Affected topics: HTML

Modified: complete.html
===================================================================
--- complete.html	2012-08-29 18:55:22 UTC (rev 7296)
+++ complete.html	2012-08-29 20:29:16 UTC (rev 7297)
@@ -8713,16 +8713,15 @@
   <dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
 
   <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+   <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
+   <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
+   <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
 
-   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
-
    <dd>
 
     <p>Run these substeps:</p>
 
-    <ol><li><p>Let <var title="">result</var> have no value.</li>
-
-     <li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
+    <ol><li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
      <i>manual redirect flag</i> set.</li> <!-- http-origin privacy
      sensitive -->
 
@@ -8731,79 +8730,43 @@
 
      <li>
 
-      <p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
-      the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
-      <a href=#origin>origin</a> of the target URL of the redirect is not the
-      <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
-      <var title="">URL</var> to the the target URL of the redirect
-      and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
-      fetch</a> algorithm (this time, the branch below will be
-      taken, resulting in the fetch being done in a CORS-aware
-      fashion).</p>
+      <p>Follow the first appropriate steps from the following list:</p>
 
-      <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
-      redirect, and <var title="">result</var> still has no value,
-      then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
-      <a href=#omit-credentials-flag>omit credentials flag</a> not set and the <i>request
-      rules</i> being that the user agent continue to follow these
-      steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
-      return to the <i>loop</i> step. If it failed due to a failure of
-      the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
-      labeled <i>end</i>; if <var title="">default</var> is
-      <i>taint</i>, then set <var title="">result</var> to
-      <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
-      with the <i>manual redirect flag</i> no longer set, and jump to
-      the step labeled <i>end</i> below.</p>
+      <dl class=switch><dt>If the result of the <a href=#fetch>fetch</a> is a redirect, and
+       the <a href=#origin>origin</a> of the target URL of the redirect is
+       not the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
 
-      <p>Otherwise, if the resource is not available (e.g. there is
-      a network error) then set <var title="">result</var> to the
-      same value as <var title="">default</var>, and jump to the
-      step labeled <i>end</i> below.</p>
-
-      <p>Otherwise, perform a <a href=#resource-sharing-check>resource sharing check</a>,
-      with the CORS <a href=#omit-credentials-flag>omit credentials flag</a> not set. If it
-      returns fail, then set <var title="">result</var> to the same
-      value as <var title="">default</var>; otherwise, set <var title="">result</var> to <i>success</i>. Then, jump to the step
-      labeled <i>end</i> below.</p>
-
-     </li>
-
-     <li>
-
-      <p><i>End</i>: Jump to the appropriate step from the following
-      list:</p>
-
-      <dl class=switch><dt>If <var title="">result</var> is <i>fail</i></dt>
-
        <dd>
 
-        <p>Discard all fetched data and prevent any <a href=#concept-task title=concept-task>tasks</a> from the <a href=#fetch>fetch</a>
-        algorithm from being <a href=#queue-a-task title="queue a task">queued</a>.
-        For the purposes of the calling algorithm, the user agent must
-        act as if there was a fatal network error and no resource was
-        obtained. The user agent may report a cross-origin resource
-        access failure to the user (e.g. in a debugging console).</p>
+        <p>Set <var title="">URL</var> to the the target URL of the
+        redirect and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially
+        CORS-enabled fetch</a> algorithm (this time, one of the
+        other branches below might be taken, based on the value of
+        <var title="">mode</var><!-- but if it's a data: or
+        javascript: URL, we'll stay here -->).</p>
 
        </dd>
 
-       <dt>If <var title="">result</var> is <i>taint</i></dt>
+       <dt>If the result of the <a href=#fetch>fetch</a> is a redirect</dt>
 
        <dd>
 
-        <p>The <a href=#concept-task title=concept-task>tasks</a> from the
-        <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
-        task">queued</a> normally, but for the purposes of the
-        calling algorithm, the obtained resource is
-        <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
-        cross-origin resource access failure to the user (e.g. in a
-        debugging console).</p>
+        <p class=note>The <a href=#origin>origin</a> of the target URL of
+        the redirect is the <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
 
+        <p><a href=#transparently-follow-the-redirect>Transparently follow the redirect</a> and jump to
+        the step labeled <i>loop</i> above.</p>
+
        </dd>
 
-       <dt>If <var title="">result</var> is <i>success</i></dt>
+       <dt>Otherwise</dt>
 
        <dd>
 
+        <p class=note>The resource is available, it is not a
+        redirect, and its <a href=#origin>origin</a> is the <a href=#same-origin>same
+        origin</a> as <var title="">origin</var>.</p>
+
         <p>The <a href=#concept-task title=concept-task>tasks</a> from the
         <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
         task">queued</a> normally, and for the purposes of the
@@ -8817,11 +8780,55 @@
     </ol></dd>
 
 
+   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>" and <var title="">default</var> is <i>taint</i></dt>
+
+   <dd>
+
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
+    <p><a href=#fetch>Fetch</a> <var title="">URL</var>.</p> <!--
+    http-origin privacy sensitive -->
+
+    <p>The <a href=#concept-task title=concept-task>tasks</a> from the
+    <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
+    task">queued</a> normally, but for the purposes of the calling
+    algorithm, the obtained resource is
+    <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
+    cross-origin resource access failure to the user (e.g. in a
+    debugging console).</p>
+
+   </dd>
+
+
+   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
+   <dd>
+
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>, and <var title="">default</var> is <i>fail</i>.</p>
+ 
+    <p>Discard any data fetched as part of this algorithm, and prevent
+    any <a href=#concept-task title=concept-task>tasks</a> from such invocations
+    of the <a href=#fetch>fetch</a> algorithm from being <a href=#queue-a-task title="queue
+    a task">queued</a>.
+
+    For the purposes of the calling algorithm, the user agent must act
+    as if there was a fatal network error and no resource was
+    obtained. The user agent may report a cross-origin resource access
+    failure to the user (e.g. in a debugging console).</p>
+
+   </dd>
+
+
    <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
    Credentials</a>"</dt>
 
    <dd>
 
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
     <p>Run these steps:</p>
 
     <ol><li><p>Perform a <a href=#cross-origin-request>cross-origin request</a> with the

Modified: index
===================================================================
--- index	2012-08-29 18:55:22 UTC (rev 7296)
+++ index	2012-08-29 20:29:16 UTC (rev 7297)
@@ -8713,16 +8713,15 @@
   <dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
 
   <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+   <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
+   <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
+   <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
 
-   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
-
    <dd>
 
     <p>Run these substeps:</p>
 
-    <ol><li><p>Let <var title="">result</var> have no value.</li>
-
-     <li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
+    <ol><li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
      <i>manual redirect flag</i> set.</li> <!-- http-origin privacy
      sensitive -->
 
@@ -8731,79 +8730,43 @@
 
      <li>
 
-      <p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
-      the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
-      <a href=#origin>origin</a> of the target URL of the redirect is not the
-      <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
-      <var title="">URL</var> to the the target URL of the redirect
-      and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
-      fetch</a> algorithm (this time, the branch below will be
-      taken, resulting in the fetch being done in a CORS-aware
-      fashion).</p>
+      <p>Follow the first appropriate steps from the following list:</p>
 
-      <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
-      redirect, and <var title="">result</var> still has no value,
-      then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
-      <a href=#omit-credentials-flag>omit credentials flag</a> not set and the <i>request
-      rules</i> being that the user agent continue to follow these
-      steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
-      return to the <i>loop</i> step. If it failed due to a failure of
-      the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
-      labeled <i>end</i>; if <var title="">default</var> is
-      <i>taint</i>, then set <var title="">result</var> to
-      <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
-      with the <i>manual redirect flag</i> no longer set, and jump to
-      the step labeled <i>end</i> below.</p>
+      <dl class=switch><dt>If the result of the <a href=#fetch>fetch</a> is a redirect, and
+       the <a href=#origin>origin</a> of the target URL of the redirect is
+       not the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
 
-      <p>Otherwise, if the resource is not available (e.g. there is
-      a network error) then set <var title="">result</var> to the
-      same value as <var title="">default</var>, and jump to the
-      step labeled <i>end</i> below.</p>
-
-      <p>Otherwise, perform a <a href=#resource-sharing-check>resource sharing check</a>,
-      with the CORS <a href=#omit-credentials-flag>omit credentials flag</a> not set. If it
-      returns fail, then set <var title="">result</var> to the same
-      value as <var title="">default</var>; otherwise, set <var title="">result</var> to <i>success</i>. Then, jump to the step
-      labeled <i>end</i> below.</p>
-
-     </li>
-
-     <li>
-
-      <p><i>End</i>: Jump to the appropriate step from the following
-      list:</p>
-
-      <dl class=switch><dt>If <var title="">result</var> is <i>fail</i></dt>
-
        <dd>
 
-        <p>Discard all fetched data and prevent any <a href=#concept-task title=concept-task>tasks</a> from the <a href=#fetch>fetch</a>
-        algorithm from being <a href=#queue-a-task title="queue a task">queued</a>.
-        For the purposes of the calling algorithm, the user agent must
-        act as if there was a fatal network error and no resource was
-        obtained. The user agent may report a cross-origin resource
-        access failure to the user (e.g. in a debugging console).</p>
+        <p>Set <var title="">URL</var> to the the target URL of the
+        redirect and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially
+        CORS-enabled fetch</a> algorithm (this time, one of the
+        other branches below might be taken, based on the value of
+        <var title="">mode</var><!-- but if it's a data: or
+        javascript: URL, we'll stay here -->).</p>
 
        </dd>
 
-       <dt>If <var title="">result</var> is <i>taint</i></dt>
+       <dt>If the result of the <a href=#fetch>fetch</a> is a redirect</dt>
 
        <dd>
 
-        <p>The <a href=#concept-task title=concept-task>tasks</a> from the
-        <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
-        task">queued</a> normally, but for the purposes of the
-        calling algorithm, the obtained resource is
-        <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
-        cross-origin resource access failure to the user (e.g. in a
-        debugging console).</p>
+        <p class=note>The <a href=#origin>origin</a> of the target URL of
+        the redirect is the <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
 
+        <p><a href=#transparently-follow-the-redirect>Transparently follow the redirect</a> and jump to
+        the step labeled <i>loop</i> above.</p>
+
        </dd>
 
-       <dt>If <var title="">result</var> is <i>success</i></dt>
+       <dt>Otherwise</dt>
 
        <dd>
 
+        <p class=note>The resource is available, it is not a
+        redirect, and its <a href=#origin>origin</a> is the <a href=#same-origin>same
+        origin</a> as <var title="">origin</var>.</p>
+
         <p>The <a href=#concept-task title=concept-task>tasks</a> from the
         <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
         task">queued</a> normally, and for the purposes of the
@@ -8817,11 +8780,55 @@
     </ol></dd>
 
 
+   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>" and <var title="">default</var> is <i>taint</i></dt>
+
+   <dd>
+
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
+    <p><a href=#fetch>Fetch</a> <var title="">URL</var>.</p> <!--
+    http-origin privacy sensitive -->
+
+    <p>The <a href=#concept-task title=concept-task>tasks</a> from the
+    <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
+    task">queued</a> normally, but for the purposes of the calling
+    algorithm, the obtained resource is
+    <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
+    cross-origin resource access failure to the user (e.g. in a
+    debugging console).</p>
+
+   </dd>
+
+
+   <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
+   <dd>
+
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>, and <var title="">default</var> is <i>fail</i>.</p>
+ 
+    <p>Discard any data fetched as part of this algorithm, and prevent
+    any <a href=#concept-task title=concept-task>tasks</a> from such invocations
+    of the <a href=#fetch>fetch</a> algorithm from being <a href=#queue-a-task title="queue
+    a task">queued</a>.
+
+    For the purposes of the calling algorithm, the user agent must act
+    as if there was a fatal network error and no resource was
+    obtained. The user agent may report a cross-origin resource access
+    failure to the user (e.g. in a debugging console).</p>
+
+   </dd>
+
+
    <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
    Credentials</a>"</dt>
 
    <dd>
 
+    <p class=note>The <var title="">URL</var> does not have the
+    <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
     <p>Run these steps:</p>
 
     <ol><li><p>Perform a <a href=#cross-origin-request>cross-origin request</a> with the

Modified: source
===================================================================
--- source	2012-08-29 18:55:22 UTC (rev 7296)
+++ source	2012-08-29 20:29:16 UTC (rev 7297)
@@ -8684,17 +8684,16 @@
   <dl class="switch">
 
    <dt>If the <var title="">URL</var> has the <span>same origin</span> as <var title="">origin</var></dt>
+   <dt>If the <var title="">URL</var> is a <span title="data protocol"><code title="">data:</code> URL</span></dt>
+   <dt>If the <var title="">URL</var> is a <span title="javascript protocol"><code title="">javascript:</code> URL</span></dt>
+   <dt>If the <var title="">URL</var> is <code>about:blank</code></dt>
 
-   <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>"</dt>
-
    <dd>
 
     <p>Run these substeps:</p>
 
     <ol>
 
-     <li><p>Let <var title="">result</var> have no value.</p></li>
-
      <li><p><span>Fetch</span> <var title="">URL</var>, with the
      <i>manual redirect flag</i> set.</li> <!-- http-origin privacy
      sensitive -->
@@ -8704,86 +8703,46 @@
 
      <li>
 
-      <p>If the result of the <span>fetch</span> is a redirect, and
-      the <var title="">mode</var> is not "<span
-      title="attr-crossorigin-none">No CORS</span>", and the
-      <span>origin</span> of the target URL of the redirect is not the
-      <span>same origin</span> as <var title="">origin</var>, then set
-      <var title="">URL</var> to the the target URL of the redirect
-      and return to the top of the <span>potentially CORS-enabled
-      fetch</span> algorithm (this time, the branch below will be
-      taken, resulting in the fetch being done in a CORS-aware
-      fashion).</p>
+      <p>Follow the first appropriate steps from the following list:</p>
 
-      <p>Otherwise, if the result of the <span>fetch</span> is a
-      redirect, and <var title="">result</var> still has no value,
-      then apply the CORS <span>redirect steps</span>, with the CORS
-      <span>omit credentials flag</span> not set and the <i>request
-      rules</i> being that the user agent continue to follow these
-      steps. If this resumes the <span>fetch</span> algorithm, then
-      return to the <i>loop</i> step. If it failed due to a failure of
-      the CORS <span>resource sharing check</span>, then: if <var
-      title="">default</var> is <i>fail</i>, then set <var
-      title="">result</var> to <i>fail</i> and jump to the step
-      labeled <i>end</i>; if <var title="">default</var> is
-      <i>taint</i>, then set <var title="">result</var> to
-      <i>taint</i>, <span>transparently follow the redirect</span> but
-      with the <i>manual redirect flag</i> no longer set, and jump to
-      the step labeled <i>end</i> below.</p>
-
-      <p>Otherwise, if the resource is not available (e.g. there is
-      a network error) then set <var title="">result</var> to the
-      same value as <var title="">default</var>, and jump to the
-      step labeled <i>end</i> below.</p>
-
-      <p>Otherwise, perform a <span>resource sharing check</span>,
-      with the CORS <span>omit credentials flag</span> not set. If it
-      returns fail, then set <var title="">result</var> to the same
-      value as <var title="">default</var>; otherwise, set <var
-      title="">result</var> to <i>success</i>. Then, jump to the step
-      labeled <i>end</i> below.</p>
-
-     </li>
-
-     <li>
-
-      <p><i>End</i>: Jump to the appropriate step from the following
-      list:</p>
-
       <dl class="switch">
 
-       <dt>If <var title="">result</var> is <i>fail</i></dt>
+       <dt>If the result of the <span>fetch</span> is a redirect, and
+       the <span>origin</span> of the target URL of the redirect is
+       not the <span>same origin</span> as <var title="">origin</var></dt>
 
        <dd>
 
-        <p>Discard all fetched data and prevent any <span
-        title="concept-task">tasks</span> from the <span>fetch</span>
-        algorithm from being <span title="queue a task">queued</span>.
-        For the purposes of the calling algorithm, the user agent must
-        act as if there was a fatal network error and no resource was
-        obtained. The user agent may report a cross-origin resource
-        access failure to the user (e.g. in a debugging console).</p>
+        <p>Set <var title="">URL</var> to the the target URL of the
+        redirect and return to the top of the <span>potentially
+        CORS-enabled fetch</span> algorithm (this time, one of the
+        other branches below might be taken, based on the value of
+        <var title="">mode</var><!-- but if it's a data: or
+        javascript: URL, we'll stay here -->).</p>
 
        </dd>
 
-       <dt>If <var title="">result</var> is <i>taint</i></dt>
+       <dt>If the result of the <span>fetch</span> is a redirect</dt>
 
        <dd>
 
-        <p>The <span title="concept-task">tasks</span> from the
-        <span>fetch</span> algorithm are <span title="queue a
-        task">queued</span> normally, but for the purposes of the
-        calling algorithm, the obtained resource is
-        <span>CORS-cross-origin</span>. The user agent may report a
-        cross-origin resource access failure to the user (e.g. in a
-        debugging console).</p>
+        <p class="note">The <span>origin</span> of the target URL of
+        the redirect is the <span>same origin</span> as <var
+        title="">origin</var>.</p>
 
+        <p><span>Transparently follow the redirect</span> and jump to
+        the step labeled <i>loop</i> above.</p>
+
        </dd>
 
-       <dt>If <var title="">result</var> is <i>success</i></dt>
+       <dt>Otherwise</dt>
 
        <dd>
 
+        <p class="note">The resource is available, it is not a
+        redirect, and its <span>origin</span> is the <span>same
+        origin</span> as <var title="">origin</var>.</p>
+
         <p>The <span title="concept-task">tasks</span> from the
         <span>fetch</span> algorithm are <span title="queue a
         task">queued</span> normally, and for the purposes of the
@@ -8801,6 +8760,48 @@
    </dd>
 
 
+   <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>" and <var title="">default</var> is <i>taint</i></dt>
+
+   <dd>
+
+    <p class="note">The <var title="">URL</var> does not have the
+    <span>same origin</span> as <var title="">origin</var>.</p>
+
+    <p><span>Fetch</span> <var title="">URL</var>.</p> <!--
+    http-origin privacy sensitive -->
+
+    <p>The <span title="concept-task">tasks</span> from the
+    <span>fetch</span> algorithm are <span title="queue a
+    task">queued</span> normally, but for the purposes of the calling
+    algorithm, the obtained resource is
+    <span>CORS-cross-origin</span>. The user agent may report a
+    cross-origin resource access failure to the user (e.g. in a
+    debugging console).</p>
+
+   </dd>
+
+
+   <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>"</dt>
+
+   <dd>
+
+    <p class="note">The <var title="">URL</var> does not have the
+    <span>same origin</span> as <var title="">origin</var>, and <var
+    title="">default</var> is <i>fail</i>.</p>
+ 
+    <p>Discard any data fetched as part of this algorithm, and prevent
+    any <span title="concept-task">tasks</span> from such invocations
+    of the <span>fetch</span> algorithm from being <span title="queue
+    a task">queued</span>.
+
+    For the purposes of the calling algorithm, the user agent must act
+    as if there was a fatal network error and no resource was
+    obtained. The user agent may report a cross-origin resource access
+    failure to the user (e.g. in a debugging console).</p>
+
+   </dd>
+
+
    <dt>If <var title="">mode</var> is "<span
    title="attr-crossorigin-anonymous">Anonymous</span>" or "<span
    title="attr-crossorigin-use-credentials">Use
@@ -8808,6 +8809,9 @@
 
    <dd>
 
+    <p class="note">The <var title="">URL</var> does not have the
+    <span>same origin</span> as <var title="">origin</var>.</p>
+
     <p>Run these steps:</p>
 
     <ol>




More information about the Commit-Watchers mailing list