Define "Request URL serialization for reporting"

This is a preliminary change for COEP merging to HTML and fetch specs. We will use the serialization multiple times both in the HTML spec and the fetch spec, so defining the operation here will be benefitial.
whatwg · Jun 4, 2020 · ab6aa41 · ab6aa41
1 parent 9ac2b5b
commit ab6aa41
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -1770,6 +1770,26 @@ source of security bugs. Please seek security review for features that deal with
 </ol>
 
 
+<p>To <dfn export for=request id=concept-request-serialize-url-for-reporting>serialize a request URL
+for reporting</dfn>, given a <a for=/>request</a> <var>request</var>, run these steps:
+
+<ol>
+ <li>
+  <p>Let <var>url</var> be a copy of <var>request</var>'s <a for=request>URL</a>.
+
+  <p class="note">This is not <var>request</var>'s <a for=request>current URL</a> in order to avoid
+  leaking information about redirect targets (see
+  <a href="https://w3c.github.io/webappsec-csp/#security-violation-reports">similar considerations
+  for CSP reporting</a> too).
+
+ <li><p><a>Set the username</a> given <var>url</var> and the empty string.
+
+ <li><p><a>Set the password</a> given <var>url</var> and the empty string.
+
+ <li><p>Return <var>url</var> <a lt="url serializer">serialized</a>with the
+ <i>exclude fragment flag</i> set.
+</ol>
+
 <h4 id=responses>Responses</h4>
 
 <p>The result of <a for=/>fetch</a> is a