-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pass cryptographic nonce metadata to Fetch #990
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2851,6 +2851,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d | |
<li><dfn data-noexport="" data-x-href="https://fetch.spec.whatwg.org/#unsafe-request-flag">unsafe-request flag</dfn> | ||
<li><dfn data-noexport="" data-x="concept-request-cache-mode" data-x-href="https://fetch.spec.whatwg.org/#concept-request-cache-mode">cache mode</dfn> | ||
<li><dfn data-noexport="" data-x="concept-request-redirect-mode" data-x-href="https://fetch.spec.whatwg.org/#concept-request-redirect-mode">redirect mode</dfn> | ||
<li><dfn data-noexport="" data-x="concept-request-nonce-metadata" data-x-href="https://fetch.spec.whatwg.org/#concept-request-nonce-metadata">cryptographic nonce metadata</dfn> | ||
</ul> | ||
</ul> | ||
|
||
|
@@ -58517,6 +58518,15 @@ o............A....e | |
<li><p>Let <var>CORS setting</var> be the current state of the element's <code | ||
data-x="attr-script-crossorigin">crossorigin</code> content attribute.</p></li> | ||
|
||
<li> | ||
|
||
<p>If the <code>script</code> element has a <code data-x="attr-script-nonce">nonce</code> | ||
attribute, then let <var>crytographic nonce</var> be that attribute's value.</p> | ||
|
||
<p>Otherwise, let <var>cryptographic nonce</var> be the empty string.</p> | ||
|
||
</li> | ||
|
||
<li><p>Let <var>settings</var> be the element's <span>node document</span>'s | ||
<code>Window</code> object's <span>environment settings object</span>.</p></li> | ||
|
||
|
@@ -58551,7 +58561,7 @@ o............A....e | |
<dt>"<code data-x="">classic</code>"</dt> | ||
<dd> | ||
<p><span>Fetch a classic script</span> given <var>url</var>, <var>CORS setting</var>, | ||
<var>settings</var>, and <var>encoding</var>.</p> | ||
<var>cryptographic nonce</var>, <var>settings</var>, and <var>encoding</var>.</p> | ||
</dd> | ||
|
||
<dt>"<code data-x="">module</code>"</dt> | ||
|
@@ -58574,7 +58584,8 @@ o............A....e | |
</li> | ||
|
||
<li><p><span>Fetch a module script tree</span> given <var>url</var>, <var>credentials | ||
mode</var>, "<code data-x="">script</code>", and <var>settings</var>.</p></li> | ||
mode</var>, <var>cryptographic nonce</var>, "<code data-x="">script</code>", and | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. typo: should be "cryptographic nonce", not "cryptographic nonce metadata". Here and above. |
||
<var>settings</var>.</p></li> | ||
</ol> | ||
</dd> | ||
</dl> | ||
|
@@ -84844,6 +84855,15 @@ interface <dfn>NavigatorOnLine</dfn> { | |
|
||
</dd> | ||
|
||
<dt>A <dfn data-x="concept-module-script-nonce">cryptographic nonce</dfn></dt> | ||
|
||
<dd> | ||
|
||
<p>A <span data-x="concept-request-nonce-metadata">cryptographic nonce</span> used to fetch | ||
imported modules.</p> | ||
|
||
</dd> | ||
|
||
</dl> | ||
|
||
<hr> | ||
|
@@ -85037,9 +85057,10 @@ interface <dfn>NavigatorOnLine</dfn> { | |
algorithms with its own options for the hooks. <ref spec=SW></p> | ||
|
||
<p>To <dfn>fetch a classic script</dfn> for a <code>script</code> element <var>element</var>, | ||
given a <var>url</var>, a <var>CORS setting</var>, a <var>settings object</var>, and a | ||
<var>character encoding</var>, run these steps. The algorithm will asynchronously complete with | ||
either null (on failure) or a new <span>classic script</span> (on success).</p> | ||
given a <var>url</var>, a <var>CORS setting</var>, a <var>cryptographic nonce</var>, a | ||
<var>settings object</var>, and a <var>character encoding</var>, run these steps. The algorithm | ||
will asynchronously complete with either null (on failure) or a new <span>classic script</span> | ||
(on success).</p> | ||
|
||
<ol> | ||
<li><p>Let <var>request</var> be the result of <span data-x="create a potential-CORS | ||
|
@@ -85048,8 +85069,10 @@ interface <dfn>NavigatorOnLine</dfn> { | |
|
||
<li><p>Set <var>request</var>'s <span data-x="concept-request-client">client</span> to | ||
<var>settings object</var>, its <span data-x="concept-request-type">type</span> to "<code | ||
data-x="">script</code>", and its <span data-x="concept-request-destination">destination</span> | ||
to "<code data-x="">script</code>".</p></li> | ||
data-x="">script</code>", its <span data-x="concept-request-destination">destination</span> | ||
to "<code data-x="">script</code>", and its <span | ||
data-x="concept-request-nonce-metadata">cryptographic nonce metadata</span> to | ||
<var>cryptographic nonce</var>.</p></li> | ||
|
||
<li><p>If the caller specified custom steps to <span data-x="fetching-scripts-set-up-request">set | ||
up the request</span>, perform them on <var>request</var>.</p></li> | ||
|
@@ -85147,19 +85170,19 @@ interface <dfn>NavigatorOnLine</dfn> { | |
</ol> | ||
|
||
<p>To <dfn>fetch a module script tree</dfn> given a <var>url</var>, a <var>credentials mode</var>, | ||
a <var>destination</var>, a <var>settings object</var>, and an optional <var>ancestor list</var>, | ||
run these steps. The algorithm will asynchronously complete with either null (on failure) or a | ||
<span>module script</span> (on success).</p> | ||
a <var>cryptographic nonce</var>, a <var>destination</var>, a <var>settings object</var>, and an | ||
optional <var>ancestor list</var>, run these steps. The algorithm will asynchronously complete with | ||
either null (on failure) or a <span>module script</span> (on success).</p> | ||
|
||
<ol> | ||
<li><p>If <var>ancestor list</var> is not given, let it be an empty list.</p></li> | ||
|
||
<li><p><span>Fetch a single module script</span> given <var>url</var>, <var>credentials | ||
mode</var>, <var>destination</var>, and <var>settings object</var>. If the caller of this | ||
algorithm specified custom <span data-x="fetching-scripts-set-up-request">set up the | ||
request</span> or <span data-x="fetching-scripts-validate-response">validate the response</span> | ||
steps, pass those along while <span data-x="fetch a single module script">fetching a single | ||
module script</span>.</p> | ||
mode</var>, <var>cryptographic nonce</var>, <var>destination</var>, and <var>settings | ||
object</var>. If the caller of this algorithm specified custom <span | ||
data-x="fetching-scripts-set-up-request">set up the request</span> or <span | ||
data-x="fetching-scripts-validate-response">validate the response</span> steps, pass those along | ||
while <span data-x="fetch a single module script">fetching a single module script</span>.</p> | ||
|
||
<li><p>Return from this algorithm and run the following steps when <span data-x="fetch a single | ||
module script">fetching a single module script</span> asynchronously completes with | ||
|
@@ -85226,8 +85249,10 @@ interface <dfn>NavigatorOnLine</dfn> { | |
<li> | ||
<p>For each <var>url</var> in <var>urls</var>, <span>fetch a module script tree</span> given | ||
<var>url</var>, <var>module script</var>'s <span | ||
data-x="concept-module-script-credentials-mode">credentials mode</span>, <var>destination</var>, | ||
<var>module script</var>'s <span>settings object</span>, and <var>ancestor list</var>.</p> | ||
data-x="concept-module-script-credentials-mode">credentials mode</span>, <var>module | ||
script</var>'s <span data-x="concept-module-script-nonce">cryptographic nonce</span>, | ||
<var>destination</var>, <var>module script</var>'s <span>settings object</span>, and | ||
<var>ancestor list</var>.</p> | ||
|
||
<p class="note">It is intentional that no custom <span | ||
data-x="fetching-scripts-set-up-request">set up the request</span> or <span | ||
|
@@ -85245,9 +85270,9 @@ interface <dfn>NavigatorOnLine</dfn> { | |
</ol> | ||
|
||
<p>To <dfn>fetch a single module script</dfn>, given a <var>url</var>, a <var>credentials | ||
mode</var>, a <var>destination</var>, and a <var>settings object</var>, run these steps. The | ||
algorithm will asynchronously complete with either null (on failure) or a <span>module | ||
script</span> (on success).</p> | ||
mode</var>, a <var>cryptographic nonce</var>, a <var>destination</var>, and a <var>settings | ||
object</var>, run these steps. The algorithm will asynchronously complete with either null (on | ||
failure) or a <span>module script</span> (on success).</p> | ||
|
||
<ol> | ||
<li><p>Let <var>module map</var> be <var>settings</var>'s <span>module map</span>.</p></li> | ||
|
@@ -85268,7 +85293,8 @@ interface <dfn>NavigatorOnLine</dfn> { | |
data-x="concept-request-type">type</span> is "<code data-x="">script</code>", <span | ||
data-x="concept-request-mode">mode</span> is "<code data-x="">cors</code>", <span | ||
data-x="concept-request-credentials-mode">credentials mode</span> is <var>credentials | ||
mode</var>, and <span data-x="concept-request-client">client</span> is | ||
mode</var>, <span data-x="concept-request-nonce-metadata">cryptographic nonce metadata</span> is | ||
<var>cryptographic nonce</var>, and <span data-x="concept-request-client">client</span> is | ||
<var>settings object</var>.</p></li> | ||
|
||
<li><p>If the caller specified custom steps to <span data-x="fetching-scripts-set-up-request">set | ||
|
@@ -85318,7 +85344,8 @@ interface <dfn>NavigatorOnLine</dfn> { | |
|
||
<li><p>Let <var>module script</var> be the result of <span>creating a module script</span> given | ||
<var>source text</var>, <var>settings object</var>, <var>response</var>'s <span | ||
data-x="concept-response-url">url</span>, and <var>credentials mode</var>.</p></li> | ||
data-x="concept-response-url">url</span>, <var>credentials mode</var>, and <var>cryptographic | ||
nonce</var>.</p></li> | ||
|
||
<li> | ||
<p>Set the value of the entry in <var>module map</var> whose key is <var>url</var> to | ||
|
@@ -85362,8 +85389,8 @@ interface <dfn>NavigatorOnLine</dfn> { | |
</ol> | ||
|
||
<p>To <dfn data-x="creating a module script">create a module script</dfn>, given some script | ||
source, an <span>environment settings object</span>, a script base URL, and a credentials | ||
mode:</p> | ||
source, an <span>environment settings object</span>, a script base URL, a credentials mode, and | ||
a cryptographic nonce:</p> | ||
|
||
<ol> | ||
|
||
|
@@ -85398,6 +85425,9 @@ interface <dfn>NavigatorOnLine</dfn> { | |
<li><p>Set <var>script</var>'s <span data-x="concept-module-script-credentials-mode">credentials | ||
mode</span> to the credentials mode provided.</p></li> | ||
|
||
<li><p>Set <var>script</var>'s <span data-x="concept-module-script-nonce">cryptographic | ||
nonce</span> to the cryptographic nonce provided.</p></li> | ||
|
||
<li><p>Return <var>script</var>.</p></li> | ||
|
||
</ol> | ||
|
@@ -94566,7 +94596,8 @@ interface <dfn>WorkerGlobalScope</dfn> : <span>EventTarget</span> { | |
|
||
<dt>"<code data-x="">module</code>"</dt> | ||
<dd><span>Fetch a module script tree</span> given <var>url</var>, the value of the <code | ||
data-x="">credentials</code> member of <var>options</var>, <var>destination</var>, and | ||
data-x="">credentials</code> member of <var>options</var>, the empty string (as no | ||
<var>cryptographic nonce</var> is present for workers), <var>destination</var>, and | ||
<var>settings object</var>.</dd> | ||
</dl> | ||
|
||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
value, this attribute has no states.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to line up with other attribute checks in this algorithm.