From 761c414c2d98c6242d2b3ac478fb8e7558086633 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20W=C3=BClker?= Date: Tue, 1 Oct 2024 09:49:42 +0200 Subject: [PATCH] Editorial: assert that request's origin is not "client" It's guaranteed that request's origin cannot be "client" after step 10 of the fetch algorithm, but asserting it makes that clearer. Also always link to the definition of "Assert". --- fetch.bs | 49 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/fetch.bs b/fetch.bs index e3bef0878..0a7f25ada 100644 --- a/fetch.bs +++ b/fetch.bs @@ -458,7 +458,8 @@ and an optional boolean extract-value (default false):
  • Let value be the empty string. -

  • Assert: the code point at position within input is U+0022 ("). +

  • Assert: the code point at position within input is + U+0022 (").

  • Advance position by 1. @@ -494,7 +495,7 @@ and an optional boolean extract-value (default false):

    Otherwise:

      -
    1. Assert: quoteOrBackslash is U+0022 ("). +

    2. Assert: quoteOrBackslash is U+0022 (").

    3. Break.

    @@ -591,8 +592,8 @@ given a header name name and a string type fr structured field value.
      -
    1. Assert: type is one of "dictionary", "list", or - "item". +

    2. Assert: type is one of "dictionary", + "list", or "item".

    3. Let value be the result of getting name from list. @@ -931,7 +932,7 @@ directly. Use get, decode, and split instead.

    4. Let value be the result of getting name from list. -

    5. Assert: value is non-null. +

    6. Assert: value is non-null.

    7. Append (name, value) to headers.

    @@ -2230,6 +2231,9 @@ or "object". return true:
      +
    1. Assert: request's origin is not + "client". +

    2. Let lastURL be null.

    3. @@ -2255,6 +2259,9 @@ return true: run these steps:
        +
      1. Assert: request's origin is not + "client". +

      2. If request has a redirect-tainted origin, then return "null". @@ -2295,8 +2302,8 @@ is to return the result of serializing a request origin with request last, run these steps:

          -
        1. Assert: last is not given, or first is less than or equal to - last. +

        2. Assert: last is not given, or first is less than or equal + to last.

        3. Let rangeValue be `bytes=`. @@ -2326,7 +2333,8 @@ source of security bugs. Please seek security review for features that deal with response, run these steps:

            -
          1. Assert: response's URL list is not empty. +

          2. Assert: response's URL list + is not empty.

          3. Let url be a copy of response's URL list[0]. @@ -2350,6 +2358,9 @@ source of security bugs. Please seek security review for features that deal with request request, run these steps:

              +
            1. Assert: request's origin is not + "client". +

            2. If request's mode is not "no-cors", then return true.

              @@ -2494,7 +2505,7 @@ this is also tracked internally using the request's timing allow fetchParams:
                -
              1. Assert: fetchParams is canceled. +

              2. Assert: fetchParams is canceled.

              3. Return an aborted network error if fetchParams is aborted; otherwise return a network error. @@ -2693,7 +2704,7 @@ manually. [[!HTML]]

                1. If potentialDestination is "fetch", then return the empty string. -

                2. Assert: potentialDestination is a destination. +

                3. Assert: potentialDestination is a destination.

                4. Return potentialDestination.

                @@ -3089,7 +3100,7 @@ or an implementation-defined value.
              4. If topLevelOrigin is null, then set topLevelOrigin to environment's top-level creation URL's origin. -

              5. Assert: topLevelOrigin is an origin. +

              6. Assert: topLevelOrigin is an origin.

              7. Let topLevelSite be the result of obtaining a site, given topLevelOrigin. @@ -3309,6 +3320,9 @@ request header indicates where a given a request request, run these steps:

                  +
                1. Assert: request's origin is not + "client". +

                2. Let serializedOrigin be the result of byte-serializing a request origin with request. @@ -5421,7 +5435,8 @@ run these steps:

                  If request's redirect mode is "manual", then:

                    -
                  1. Assert: request's mode is "navigate". +

                  2. Assert: request's mode is + "navigate".

                  3. Set recursive to false.

                  @@ -6632,6 +6647,9 @@ agent's CORS-preflight cache for which there is a cache entry matchresponse, run these steps:
                    +
                  1. Assert: request's origin is not + "client". +

                  2. If request's timing allow failed flag is set, then return failure. @@ -7032,7 +7050,7 @@ typedef (ReadableStream or XMLHttpRequestBodyInit) BodyInit;

                    If object is a {{ReadableStream}} object, then:

                      -
                    1. Assert: object is neither disturbed nor +

                    2. Assert: object is neither disturbed nor locked.

                    @@ -7680,7 +7698,7 @@ constructor steps are:

                    Otherwise:

                      -
                    1. Assert: input is a {{Request}} object. +

                    2. Assert: input is a {{Request}} object.

                    3. Set request to input's request. @@ -8599,7 +8617,7 @@ that RFC's normative processing requirements to be compatible with deployed cont dataURL and then runs these steps:

                        -
                      1. Assert: dataURL's scheme is "data". +

                      2. Assert: dataURL's scheme is "data".

                      3. Let input be the result of running the URL serializer on dataURL with exclude fragment set to true. @@ -9189,6 +9207,7 @@ Shivani Sharma, Sigbjørn Finne, Simon Pieters, Simon Sapin, +Simon Wülker, Srirama Chandra Sekhar Mogali, Stephan Paul, Steven Salat,
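Review bot: The five added steps reading Assert: request's origin is not "client" (hunks at -2230, -2255, -2350, -3309 and -6632) state the invariant but not where it is established. The only pointer is "after step 10 of the fetch algorithm" in the commit message, which readers of fetch.bs will not see and which goes stale if the steps are renumbered. Consider a short note beside the asserts, or at the step the commit message refers to, that links the two by name rather than by step number.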
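Review bot: The subject line covers only the origin assertions, but most hunks (for example -458, -494, -591, -931, -2295, -2326, -2494) touch existing Assert steps for the "always link to the definition of Assert" change, and several of them re-wrap the line as well. Splitting the linking change into its own commit would leave the five new assertions, which sit in algorithms that serialize or check request's origin, as a small diff that is easy to audit in history.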
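Review bot: In the hunk at -3309 the new assert may duplicate the one added at -2255. The step right after it is "Let serializedOrigin be the result of byte-serializing a request origin with request", and the -2295 hunk header shows that byte-serializing "is to return the result of serializing a request origin with request". If the assert at -2255 sits in that serializing algorithm, the one at -3309 is only needed when later steps of the same algorithm read request's origin directly; worth confirming, and dropping it otherwise.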