diff --git a/fetch.bs b/fetch.bs index 3c51e6092..3581e376d 100644 --- a/fetch.bs +++ b/fetch.bs @@ -1882,16 +1882,6 @@ allowed on the resource fetched by looking at the flag of the response returned. the response of a redirect has to be set if it was set for previous responses in the redirect chain, this is also tracked internally using the request's timing allow failed flag. -
A response can have an associated -location URL (null, failure, or a -URL). Unless specified otherwise, response has no -location URL. - -
This concept is used for redirect handling in Fetch and in HTML's
-navigate algorithm. It ensures `Location
` has
-its value extracted consistently and only once.
-[[!HTML]]
-
A response whose @@ -2008,6 +1998,36 @@ is a filtered response whose
A stale response is a response that is not a fresh response or a stale-while-revalidate response. +
The location URL algorithm of +given a response response is the following steps. They return null, failure, +or a URL. + +
If response's status is not a redirect status, then + return null. + +
Let location be the result of extracting header list values given
+ `Location
` and response's header list.
+
+
+
If location is a value, then set location to the result + of parsing location with response's + URL. + +
If response was constructed through the {{Response}} constructor, + response's URL will be null, meaning that location will + only parse successfully if it is an absolute-URL-with-fragment string. + +
Return location. +
The location URL algorithm is exclusively used for redirect +handling in this standard and in HTML's navigate algorithm which handles redirects +manually. [[!HTML]] +
303 is excluded as certain communities ascribe special status to it. -
Let location be the result of extracting header list values given
- `Location
` and actualResponse's header list.
-
-
If location is a value, then set location to the - result of parsing location with actualResponse's - URL. - -
Set actualResponse's - location URL to location. -
Switch on request's redirect mode: @@ -3998,18 +4008,14 @@ optional CORS-preflight flag, run these steps: filtered response, and response's internal response otherwise. -
If actualResponse's location URL - is null, then return response. +
Let locationURL be actualResponse's location URL. + +
If locationURL is null, then return response. -
If actualResponse's location URL - is failure, then return a network error. - +
If locationURL is failure, then return a network error. -
If actualResponse's - location URL's - scheme is not an - HTTP(S) scheme, then return a - network error. +
If locationURL's scheme is not an HTTP(S) scheme, then + return a network error.
If request's redirect count is twenty, return a network error. @@ -4018,15 +4024,13 @@ optional CORS-preflight flag, run these steps: redirect count by one.
If request's mode is "cors
",
- actualResponse's location URL
- includes credentials, and request's
- origin is not same origin with actualResponse's
- location URL's origin, then return a network error.
+ locationURL includes credentials, and request's
+ origin is not same origin with locationURL's
+ origin, then return a network error.
If request's response tainting is "cors
" and
- actualResponse's location URL
- includes credentials, then return a network error.
+ locationURL includes credentials, then return a network error.
This catches a cross-origin resource redirecting to a same-origin URL. @@ -4034,11 +4038,11 @@ optional CORS-preflight flag, run these steps: body is non-null, and request's body's source is null, then return a network error. -
If actualResponse's location URL's origin is - not same origin with request's current URL's - origin and request's origin is not same origin - with request's current URL's origin, then set - request's tainted origin flag. +
If locationURL's origin is not same origin with + request's current URL's origin and + request's origin is not same origin with request's + current URL's origin, then set request's + tainted origin flag.
If one of the following is true @@ -4069,7 +4073,7 @@ optional CORS-preflight flag, run these steps:
request's body's source's nullity has already been checked. -
Append actualResponse's location URL to request's +
Invoke set request's referrer policy on redirect on request and