[html5] r7297 - [giow] (1) Cleanup of the 'potentially CORS-enabled fetch' algorithm to actually [...]
whatwg at whatwg.org
whatwg at whatwg.org
Wed Aug 29 13:29:17 PDT 2012
Author: ianh
Date: 2012-08-29 13:29:16 -0700 (Wed, 29 Aug 2012)
New Revision: 7297
Modified:
complete.html
index
source
Log:
[giow] (1) Cleanup of the 'potentially CORS-enabled fetch' algorithm to actually make sense.
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2012-08-29 18:55:22 UTC (rev 7296)
+++ complete.html 2012-08-29 20:29:16 UTC (rev 7297)
@@ -8713,16 +8713,15 @@
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
<dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+ <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
+ <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
+ <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
- <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
-
<dd>
<p>Run these substeps:</p>
- <ol><li><p>Let <var title="">result</var> have no value.</li>
-
- <li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
+ <ol><li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
<i>manual redirect flag</i> set.</li> <!-- http-origin privacy
sensitive -->
@@ -8731,79 +8730,43 @@
<li>
- <p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
- the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
- <a href=#origin>origin</a> of the target URL of the redirect is not the
- <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
- <var title="">URL</var> to the the target URL of the redirect
- and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
- fetch</a> algorithm (this time, the branch below will be
- taken, resulting in the fetch being done in a CORS-aware
- fashion).</p>
+ <p>Follow the first appropriate steps from the following list:</p>
- <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
- redirect, and <var title="">result</var> still has no value,
- then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
- <a href=#omit-credentials-flag>omit credentials flag</a> not set and the <i>request
- rules</i> being that the user agent continue to follow these
- steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure of
- the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
- labeled <i>end</i>; if <var title="">default</var> is
- <i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
- with the <i>manual redirect flag</i> no longer set, and jump to
- the step labeled <i>end</i> below.</p>
+ <dl class=switch><dt>If the result of the <a href=#fetch>fetch</a> is a redirect, and
+ the <a href=#origin>origin</a> of the target URL of the redirect is
+ not the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
- <p>Otherwise, if the resource is not available (e.g. there is
- a network error) then set <var title="">result</var> to the
- same value as <var title="">default</var>, and jump to the
- step labeled <i>end</i> below.</p>
-
- <p>Otherwise, perform a <a href=#resource-sharing-check>resource sharing check</a>,
- with the CORS <a href=#omit-credentials-flag>omit credentials flag</a> not set. If it
- returns fail, then set <var title="">result</var> to the same
- value as <var title="">default</var>; otherwise, set <var title="">result</var> to <i>success</i>. Then, jump to the step
- labeled <i>end</i> below.</p>
-
- </li>
-
- <li>
-
- <p><i>End</i>: Jump to the appropriate step from the following
- list:</p>
-
- <dl class=switch><dt>If <var title="">result</var> is <i>fail</i></dt>
-
<dd>
- <p>Discard all fetched data and prevent any <a href=#concept-task title=concept-task>tasks</a> from the <a href=#fetch>fetch</a>
- algorithm from being <a href=#queue-a-task title="queue a task">queued</a>.
- For the purposes of the calling algorithm, the user agent must
- act as if there was a fatal network error and no resource was
- obtained. The user agent may report a cross-origin resource
- access failure to the user (e.g. in a debugging console).</p>
+ <p>Set <var title="">URL</var> to the the target URL of the
+ redirect and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially
+ CORS-enabled fetch</a> algorithm (this time, one of the
+ other branches below might be taken, based on the value of
+ <var title="">mode</var><!-- but if it's a data: or
+ javascript: URL, we'll stay here -->).</p>
</dd>
- <dt>If <var title="">result</var> is <i>taint</i></dt>
+ <dt>If the result of the <a href=#fetch>fetch</a> is a redirect</dt>
<dd>
- <p>The <a href=#concept-task title=concept-task>tasks</a> from the
- <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
- task">queued</a> normally, but for the purposes of the
- calling algorithm, the obtained resource is
- <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
- cross-origin resource access failure to the user (e.g. in a
- debugging console).</p>
+ <p class=note>The <a href=#origin>origin</a> of the target URL of
+ the redirect is the <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+ <p><a href=#transparently-follow-the-redirect>Transparently follow the redirect</a> and jump to
+ the step labeled <i>loop</i> above.</p>
+
</dd>
- <dt>If <var title="">result</var> is <i>success</i></dt>
+ <dt>Otherwise</dt>
<dd>
+ <p class=note>The resource is available, it is not a
+ redirect, and its <a href=#origin>origin</a> is the <a href=#same-origin>same
+ origin</a> as <var title="">origin</var>.</p>
+
<p>The <a href=#concept-task title=concept-task>tasks</a> from the
<a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
task">queued</a> normally, and for the purposes of the
@@ -8817,11 +8780,55 @@
</ol></dd>
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>" and <var title="">default</var> is <i>taint</i></dt>
+
+ <dd>
+
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
+ <p><a href=#fetch>Fetch</a> <var title="">URL</var>.</p> <!--
+ http-origin privacy sensitive -->
+
+ <p>The <a href=#concept-task title=concept-task>tasks</a> from the
+ <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
+ task">queued</a> normally, but for the purposes of the calling
+ algorithm, the obtained resource is
+ <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
+ cross-origin resource access failure to the user (e.g. in a
+ debugging console).</p>
+
+ </dd>
+
+
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
+ <dd>
+
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>, and <var title="">default</var> is <i>fail</i>.</p>
+
+ <p>Discard any data fetched as part of this algorithm, and prevent
+ any <a href=#concept-task title=concept-task>tasks</a> from such invocations
+ of the <a href=#fetch>fetch</a> algorithm from being <a href=#queue-a-task title="queue
+ a task">queued</a>.
+
+ For the purposes of the calling algorithm, the user agent must act
+ as if there was a fatal network error and no resource was
+ obtained. The user agent may report a cross-origin resource access
+ failure to the user (e.g. in a debugging console).</p>
+
+ </dd>
+
+
<dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>"</dt>
<dd>
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
<p>Run these steps:</p>
<ol><li><p>Perform a <a href=#cross-origin-request>cross-origin request</a> with the
Modified: index
===================================================================
--- index 2012-08-29 18:55:22 UTC (rev 7296)
+++ index 2012-08-29 20:29:16 UTC (rev 7297)
@@ -8713,16 +8713,15 @@
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
<dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
+ <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
+ <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
+ <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
- <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
-
<dd>
<p>Run these substeps:</p>
- <ol><li><p>Let <var title="">result</var> have no value.</li>
-
- <li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
+ <ol><li><p><a href=#fetch>Fetch</a> <var title="">URL</var>, with the
<i>manual redirect flag</i> set.</li> <!-- http-origin privacy
sensitive -->
@@ -8731,79 +8730,43 @@
<li>
- <p>If the result of the <a href=#fetch>fetch</a> is a redirect, and
- the <var title="">mode</var> is not "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", and the
- <a href=#origin>origin</a> of the target URL of the redirect is not the
- <a href=#same-origin>same origin</a> as <var title="">origin</var>, then set
- <var title="">URL</var> to the the target URL of the redirect
- and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled
- fetch</a> algorithm (this time, the branch below will be
- taken, resulting in the fetch being done in a CORS-aware
- fashion).</p>
+ <p>Follow the first appropriate steps from the following list:</p>
- <p>Otherwise, if the result of the <a href=#fetch>fetch</a> is a
- redirect, and <var title="">result</var> still has no value,
- then apply the CORS <a href=#redirect-steps>redirect steps</a>, with the CORS
- <a href=#omit-credentials-flag>omit credentials flag</a> not set and the <i>request
- rules</i> being that the user agent continue to follow these
- steps. If this resumes the <a href=#fetch>fetch</a> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure of
- the CORS <a href=#resource-sharing-check>resource sharing check</a>, then: if <var title="">default</var> is <i>fail</i>, then set <var title="">result</var> to <i>fail</i> and jump to the step
- labeled <i>end</i>; if <var title="">default</var> is
- <i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <a href=#transparently-follow-the-redirect>transparently follow the redirect</a> but
- with the <i>manual redirect flag</i> no longer set, and jump to
- the step labeled <i>end</i> below.</p>
+ <dl class=switch><dt>If the result of the <a href=#fetch>fetch</a> is a redirect, and
+ the <a href=#origin>origin</a> of the target URL of the redirect is
+ not the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
- <p>Otherwise, if the resource is not available (e.g. there is
- a network error) then set <var title="">result</var> to the
- same value as <var title="">default</var>, and jump to the
- step labeled <i>end</i> below.</p>
-
- <p>Otherwise, perform a <a href=#resource-sharing-check>resource sharing check</a>,
- with the CORS <a href=#omit-credentials-flag>omit credentials flag</a> not set. If it
- returns fail, then set <var title="">result</var> to the same
- value as <var title="">default</var>; otherwise, set <var title="">result</var> to <i>success</i>. Then, jump to the step
- labeled <i>end</i> below.</p>
-
- </li>
-
- <li>
-
- <p><i>End</i>: Jump to the appropriate step from the following
- list:</p>
-
- <dl class=switch><dt>If <var title="">result</var> is <i>fail</i></dt>
-
<dd>
- <p>Discard all fetched data and prevent any <a href=#concept-task title=concept-task>tasks</a> from the <a href=#fetch>fetch</a>
- algorithm from being <a href=#queue-a-task title="queue a task">queued</a>.
- For the purposes of the calling algorithm, the user agent must
- act as if there was a fatal network error and no resource was
- obtained. The user agent may report a cross-origin resource
- access failure to the user (e.g. in a debugging console).</p>
+ <p>Set <var title="">URL</var> to the the target URL of the
+ redirect and return to the top of the <a href=#potentially-cors-enabled-fetch>potentially
+ CORS-enabled fetch</a> algorithm (this time, one of the
+ other branches below might be taken, based on the value of
+ <var title="">mode</var><!-- but if it's a data: or
+ javascript: URL, we'll stay here -->).</p>
</dd>
- <dt>If <var title="">result</var> is <i>taint</i></dt>
+ <dt>If the result of the <a href=#fetch>fetch</a> is a redirect</dt>
<dd>
- <p>The <a href=#concept-task title=concept-task>tasks</a> from the
- <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
- task">queued</a> normally, but for the purposes of the
- calling algorithm, the obtained resource is
- <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
- cross-origin resource access failure to the user (e.g. in a
- debugging console).</p>
+ <p class=note>The <a href=#origin>origin</a> of the target URL of
+ the redirect is the <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+ <p><a href=#transparently-follow-the-redirect>Transparently follow the redirect</a> and jump to
+ the step labeled <i>loop</i> above.</p>
+
</dd>
- <dt>If <var title="">result</var> is <i>success</i></dt>
+ <dt>Otherwise</dt>
<dd>
+ <p class=note>The resource is available, it is not a
+ redirect, and its <a href=#origin>origin</a> is the <a href=#same-origin>same
+ origin</a> as <var title="">origin</var>.</p>
+
<p>The <a href=#concept-task title=concept-task>tasks</a> from the
<a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
task">queued</a> normally, and for the purposes of the
@@ -8817,11 +8780,55 @@
</ol></dd>
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>" and <var title="">default</var> is <i>taint</i></dt>
+
+ <dd>
+
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
+ <p><a href=#fetch>Fetch</a> <var title="">URL</var>.</p> <!--
+ http-origin privacy sensitive -->
+
+ <p>The <a href=#concept-task title=concept-task>tasks</a> from the
+ <a href=#fetch>fetch</a> algorithm are <a href=#queue-a-task title="queue a
+ task">queued</a> normally, but for the purposes of the calling
+ algorithm, the obtained resource is
+ <a href=#cors-cross-origin>CORS-cross-origin</a>. The user agent may report a
+ cross-origin resource access failure to the user (e.g. in a
+ debugging console).</p>
+
+ </dd>
+
+
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
+
+ <dd>
+
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>, and <var title="">default</var> is <i>fail</i>.</p>
+
+ <p>Discard any data fetched as part of this algorithm, and prevent
+ any <a href=#concept-task title=concept-task>tasks</a> from such invocations
+ of the <a href=#fetch>fetch</a> algorithm from being <a href=#queue-a-task title="queue
+ a task">queued</a>.
+
+ For the purposes of the calling algorithm, the user agent must act
+ as if there was a fatal network error and no resource was
+ obtained. The user agent may report a cross-origin resource access
+ failure to the user (e.g. in a debugging console).</p>
+
+ </dd>
+
+
<dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>"</dt>
<dd>
+ <p class=note>The <var title="">URL</var> does not have the
+ <a href=#same-origin>same origin</a> as <var title="">origin</var>.</p>
+
<p>Run these steps:</p>
<ol><li><p>Perform a <a href=#cross-origin-request>cross-origin request</a> with the
Modified: source
===================================================================
--- source 2012-08-29 18:55:22 UTC (rev 7296)
+++ source 2012-08-29 20:29:16 UTC (rev 7297)
@@ -8684,17 +8684,16 @@
<dl class="switch">
<dt>If the <var title="">URL</var> has the <span>same origin</span> as <var title="">origin</var></dt>
+ <dt>If the <var title="">URL</var> is a <span title="data protocol"><code title="">data:</code> URL</span></dt>
+ <dt>If the <var title="">URL</var> is a <span title="javascript protocol"><code title="">javascript:</code> URL</span></dt>
+ <dt>If the <var title="">URL</var> is <code>about:blank</code></dt>
- <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>"</dt>
-
<dd>
<p>Run these substeps:</p>
<ol>
- <li><p>Let <var title="">result</var> have no value.</p></li>
-
<li><p><span>Fetch</span> <var title="">URL</var>, with the
<i>manual redirect flag</i> set.</li> <!-- http-origin privacy
sensitive -->
@@ -8704,86 +8703,46 @@
<li>
- <p>If the result of the <span>fetch</span> is a redirect, and
- the <var title="">mode</var> is not "<span
- title="attr-crossorigin-none">No CORS</span>", and the
- <span>origin</span> of the target URL of the redirect is not the
- <span>same origin</span> as <var title="">origin</var>, then set
- <var title="">URL</var> to the the target URL of the redirect
- and return to the top of the <span>potentially CORS-enabled
- fetch</span> algorithm (this time, the branch below will be
- taken, resulting in the fetch being done in a CORS-aware
- fashion).</p>
+ <p>Follow the first appropriate steps from the following list:</p>
- <p>Otherwise, if the result of the <span>fetch</span> is a
- redirect, and <var title="">result</var> still has no value,
- then apply the CORS <span>redirect steps</span>, with the CORS
- <span>omit credentials flag</span> not set and the <i>request
- rules</i> being that the user agent continue to follow these
- steps. If this resumes the <span>fetch</span> algorithm, then
- return to the <i>loop</i> step. If it failed due to a failure of
- the CORS <span>resource sharing check</span>, then: if <var
- title="">default</var> is <i>fail</i>, then set <var
- title="">result</var> to <i>fail</i> and jump to the step
- labeled <i>end</i>; if <var title="">default</var> is
- <i>taint</i>, then set <var title="">result</var> to
- <i>taint</i>, <span>transparently follow the redirect</span> but
- with the <i>manual redirect flag</i> no longer set, and jump to
- the step labeled <i>end</i> below.</p>
-
- <p>Otherwise, if the resource is not available (e.g. there is
- a network error) then set <var title="">result</var> to the
- same value as <var title="">default</var>, and jump to the
- step labeled <i>end</i> below.</p>
-
- <p>Otherwise, perform a <span>resource sharing check</span>,
- with the CORS <span>omit credentials flag</span> not set. If it
- returns fail, then set <var title="">result</var> to the same
- value as <var title="">default</var>; otherwise, set <var
- title="">result</var> to <i>success</i>. Then, jump to the step
- labeled <i>end</i> below.</p>
-
- </li>
-
- <li>
-
- <p><i>End</i>: Jump to the appropriate step from the following
- list:</p>
-
<dl class="switch">
- <dt>If <var title="">result</var> is <i>fail</i></dt>
+ <dt>If the result of the <span>fetch</span> is a redirect, and
+ the <span>origin</span> of the target URL of the redirect is
+ not the <span>same origin</span> as <var title="">origin</var></dt>
<dd>
- <p>Discard all fetched data and prevent any <span
- title="concept-task">tasks</span> from the <span>fetch</span>
- algorithm from being <span title="queue a task">queued</span>.
- For the purposes of the calling algorithm, the user agent must
- act as if there was a fatal network error and no resource was
- obtained. The user agent may report a cross-origin resource
- access failure to the user (e.g. in a debugging console).</p>
+ <p>Set <var title="">URL</var> to the the target URL of the
+ redirect and return to the top of the <span>potentially
+ CORS-enabled fetch</span> algorithm (this time, one of the
+ other branches below might be taken, based on the value of
+ <var title="">mode</var><!-- but if it's a data: or
+ javascript: URL, we'll stay here -->).</p>
</dd>
- <dt>If <var title="">result</var> is <i>taint</i></dt>
+ <dt>If the result of the <span>fetch</span> is a redirect</dt>
<dd>
- <p>The <span title="concept-task">tasks</span> from the
- <span>fetch</span> algorithm are <span title="queue a
- task">queued</span> normally, but for the purposes of the
- calling algorithm, the obtained resource is
- <span>CORS-cross-origin</span>. The user agent may report a
- cross-origin resource access failure to the user (e.g. in a
- debugging console).</p>
+ <p class="note">The <span>origin</span> of the target URL of
+ the redirect is the <span>same origin</span> as <var
+ title="">origin</var>.</p>
+ <p><span>Transparently follow the redirect</span> and jump to
+ the step labeled <i>loop</i> above.</p>
+
</dd>
- <dt>If <var title="">result</var> is <i>success</i></dt>
+ <dt>Otherwise</dt>
<dd>
+ <p class="note">The resource is available, it is not a
+ redirect, and its <span>origin</span> is the <span>same
+ origin</span> as <var title="">origin</var>.</p>
+
<p>The <span title="concept-task">tasks</span> from the
<span>fetch</span> algorithm are <span title="queue a
task">queued</span> normally, and for the purposes of the
@@ -8801,6 +8760,48 @@
</dd>
+ <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>" and <var title="">default</var> is <i>taint</i></dt>
+
+ <dd>
+
+ <p class="note">The <var title="">URL</var> does not have the
+ <span>same origin</span> as <var title="">origin</var>.</p>
+
+ <p><span>Fetch</span> <var title="">URL</var>.</p> <!--
+ http-origin privacy sensitive -->
+
+ <p>The <span title="concept-task">tasks</span> from the
+ <span>fetch</span> algorithm are <span title="queue a
+ task">queued</span> normally, but for the purposes of the calling
+ algorithm, the obtained resource is
+ <span>CORS-cross-origin</span>. The user agent may report a
+ cross-origin resource access failure to the user (e.g. in a
+ debugging console).</p>
+
+ </dd>
+
+
+ <dt>If <var title="">mode</var> is "<span title="attr-crossorigin-none">No CORS</span>"</dt>
+
+ <dd>
+
+ <p class="note">The <var title="">URL</var> does not have the
+ <span>same origin</span> as <var title="">origin</var>, and <var
+ title="">default</var> is <i>fail</i>.</p>
+
+ <p>Discard any data fetched as part of this algorithm, and prevent
+ any <span title="concept-task">tasks</span> from such invocations
+ of the <span>fetch</span> algorithm from being <span title="queue
+ a task">queued</span>.
+
+ For the purposes of the calling algorithm, the user agent must act
+ as if there was a fatal network error and no resource was
+ obtained. The user agent may report a cross-origin resource access
+ failure to the user (e.g. in a debugging console).</p>
+
+ </dd>
+
+
<dt>If <var title="">mode</var> is "<span
title="attr-crossorigin-anonymous">Anonymous</span>" or "<span
title="attr-crossorigin-use-credentials">Use
@@ -8808,6 +8809,9 @@
<dd>
+ <p class="note">The <var title="">URL</var> does not have the
+ <span>same origin</span> as <var title="">origin</var>.</p>
+
<p>Run these steps:</p>
<ol>
More information about the Commit-Watchers
mailing list