Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pass cryptographic nonce metadata to Fetch #990

Merged
merged 1 commit into from
Apr 6, 2016
Merged

Pass cryptographic nonce metadata to Fetch #990

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 56 additions & 25 deletions source
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2851,6 +2851,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
<li><dfn data-noexport="" data-x-href="https://fetch.spec.whatwg.org/#unsafe-request-flag">unsafe-request flag</dfn>
<li><dfn data-noexport="" data-x="concept-request-cache-mode" data-x-href="https://fetch.spec.whatwg.org/#concept-request-cache-mode">cache mode</dfn>
<li><dfn data-noexport="" data-x="concept-request-redirect-mode" data-x-href="https://fetch.spec.whatwg.org/#concept-request-redirect-mode">redirect mode</dfn>
<li><dfn data-noexport="" data-x="concept-request-nonce-metadata" data-x-href="https://fetch.spec.whatwg.org/#concept-request-nonce-metadata">cryptographic nonce metadata</dfn>
</ul>
</ul>

Expand Down Expand Up @@ -58517,6 +58518,15 @@ o............A....e
<li><p>Let <var>CORS setting</var> be the current state of the element's <code
data-x="attr-script-crossorigin">crossorigin</code> content attribute.</p></li>

<li>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

value, this attribute has no states.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to line up with other attribute checks in this algorithm.

<p>If the <code>script</code> element has a <code data-x="attr-script-nonce">nonce</code>
attribute, then let <var>crytographic nonce</var> be that attribute's value.</p>

<p>Otherwise, let <var>cryptographic nonce</var> be the empty string.</p>

</li>

<li><p>Let <var>settings</var> be the element's <span>node document</span>'s
<code>Window</code> object's <span>environment settings object</span>.</p></li>

Expand Down Expand Up @@ -58551,7 +58561,7 @@ o............A....e
<dt>"<code data-x="">classic</code>"</dt>
<dd>
<p><span>Fetch a classic script</span> given <var>url</var>, <var>CORS setting</var>,
<var>settings</var>, and <var>encoding</var>.</p>
<var>cryptographic nonce</var>, <var>settings</var>, and <var>encoding</var>.</p>
</dd>

<dt>"<code data-x="">module</code>"</dt>
Expand All @@ -58574,7 +58584,8 @@ o............A....e
</li>

<li><p><span>Fetch a module script tree</span> given <var>url</var>, <var>credentials
mode</var>, "<code data-x="">script</code>", and <var>settings</var>.</p></li>
mode</var>, <var>cryptographic nonce</var>, "<code data-x="">script</code>", and
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: should be "cryptographic nonce", not "cryptographic nonce metadata". Here and above.

<var>settings</var>.</p></li>
</ol>
</dd>
</dl>
Expand Down Expand Up @@ -84844,6 +84855,15 @@ interface <dfn>NavigatorOnLine</dfn> {

</dd>

<dt>A <dfn data-x="concept-module-script-nonce">cryptographic nonce</dfn></dt>

<dd>

<p>A <span data-x="concept-request-nonce-metadata">cryptographic nonce</span> used to fetch
imported modules.</p>

</dd>

</dl>

<hr>
Expand Down Expand Up @@ -85037,9 +85057,10 @@ interface <dfn>NavigatorOnLine</dfn> {
algorithms with its own options for the hooks. <ref spec=SW></p>

<p>To <dfn>fetch a classic script</dfn> for a <code>script</code> element <var>element</var>,
given a <var>url</var>, a <var>CORS setting</var>, a <var>settings object</var>, and a
<var>character encoding</var>, run these steps. The algorithm will asynchronously complete with
either null (on failure) or a new <span>classic script</span> (on success).</p>
given a <var>url</var>, a <var>CORS setting</var>, a <var>cryptographic nonce</var>, a
<var>settings object</var>, and a <var>character encoding</var>, run these steps. The algorithm
will asynchronously complete with either null (on failure) or a new <span>classic script</span>
(on success).</p>

<ol>
<li><p>Let <var>request</var> be the result of <span data-x="create a potential-CORS
Expand All @@ -85048,8 +85069,10 @@ interface <dfn>NavigatorOnLine</dfn> {

<li><p>Set <var>request</var>'s <span data-x="concept-request-client">client</span> to
<var>settings object</var>, its <span data-x="concept-request-type">type</span> to "<code
data-x="">script</code>", and its <span data-x="concept-request-destination">destination</span>
to "<code data-x="">script</code>".</p></li>
data-x="">script</code>", its <span data-x="concept-request-destination">destination</span>
to "<code data-x="">script</code>", and its <span
data-x="concept-request-nonce-metadata">cryptographic nonce metadata</span> to
<var>cryptographic nonce</var>.</p></li>

<li><p>If the caller specified custom steps to <span data-x="fetching-scripts-set-up-request">set
up the request</span>, perform them on <var>request</var>.</p></li>
Expand Down Expand Up @@ -85147,19 +85170,19 @@ interface <dfn>NavigatorOnLine</dfn> {
</ol>

<p>To <dfn>fetch a module script tree</dfn> given a <var>url</var>, a <var>credentials mode</var>,
a <var>destination</var>, a <var>settings object</var>, and an optional <var>ancestor list</var>,
run these steps. The algorithm will asynchronously complete with either null (on failure) or a
<span>module script</span> (on success).</p>
a <var>cryptographic nonce</var>, a <var>destination</var>, a <var>settings object</var>, and an
optional <var>ancestor list</var>, run these steps. The algorithm will asynchronously complete with
either null (on failure) or a <span>module script</span> (on success).</p>

<ol>
<li><p>If <var>ancestor list</var> is not given, let it be an empty list.</p></li>

<li><p><span>Fetch a single module script</span> given <var>url</var>, <var>credentials
mode</var>, <var>destination</var>, and <var>settings object</var>. If the caller of this
algorithm specified custom <span data-x="fetching-scripts-set-up-request">set up the
request</span> or <span data-x="fetching-scripts-validate-response">validate the response</span>
steps, pass those along while <span data-x="fetch a single module script">fetching a single
module script</span>.</p>
mode</var>, <var>cryptographic nonce</var>, <var>destination</var>, and <var>settings
object</var>. If the caller of this algorithm specified custom <span
data-x="fetching-scripts-set-up-request">set up the request</span> or <span
data-x="fetching-scripts-validate-response">validate the response</span> steps, pass those along
while <span data-x="fetch a single module script">fetching a single module script</span>.</p>

<li><p>Return from this algorithm and run the following steps when <span data-x="fetch a single
module script">fetching a single module script</span> asynchronously completes with
Expand Down Expand Up @@ -85226,8 +85249,10 @@ interface <dfn>NavigatorOnLine</dfn> {
<li>
<p>For each <var>url</var> in <var>urls</var>, <span>fetch a module script tree</span> given
<var>url</var>, <var>module script</var>'s <span
data-x="concept-module-script-credentials-mode">credentials mode</span>, <var>destination</var>,
<var>module script</var>'s <span>settings object</span>, and <var>ancestor list</var>.</p>
data-x="concept-module-script-credentials-mode">credentials mode</span>, <var>module
script</var>'s <span data-x="concept-module-script-nonce">cryptographic nonce</span>,
<var>destination</var>, <var>module script</var>'s <span>settings object</span>, and
<var>ancestor list</var>.</p>

<p class="note">It is intentional that no custom <span
data-x="fetching-scripts-set-up-request">set up the request</span> or <span
Expand All @@ -85245,9 +85270,9 @@ interface <dfn>NavigatorOnLine</dfn> {
</ol>

<p>To <dfn>fetch a single module script</dfn>, given a <var>url</var>, a <var>credentials
mode</var>, a <var>destination</var>, and a <var>settings object</var>, run these steps. The
algorithm will asynchronously complete with either null (on failure) or a <span>module
script</span> (on success).</p>
mode</var>, a <var>cryptographic nonce</var>, a <var>destination</var>, and a <var>settings
object</var>, run these steps. The algorithm will asynchronously complete with either null (on
failure) or a <span>module script</span> (on success).</p>

<ol>
<li><p>Let <var>module map</var> be <var>settings</var>'s <span>module map</span>.</p></li>
Expand All @@ -85268,7 +85293,8 @@ interface <dfn>NavigatorOnLine</dfn> {
data-x="concept-request-type">type</span> is "<code data-x="">script</code>", <span
data-x="concept-request-mode">mode</span> is "<code data-x="">cors</code>", <span
data-x="concept-request-credentials-mode">credentials mode</span> is <var>credentials
mode</var>, and <span data-x="concept-request-client">client</span> is
mode</var>, <span data-x="concept-request-nonce-metadata">cryptographic nonce metadata</span> is
<var>cryptographic nonce</var>, and <span data-x="concept-request-client">client</span> is
<var>settings object</var>.</p></li>

<li><p>If the caller specified custom steps to <span data-x="fetching-scripts-set-up-request">set
Expand Down Expand Up @@ -85318,7 +85344,8 @@ interface <dfn>NavigatorOnLine</dfn> {

<li><p>Let <var>module script</var> be the result of <span>creating a module script</span> given
<var>source text</var>, <var>settings object</var>, <var>response</var>'s <span
data-x="concept-response-url">url</span>, and <var>credentials mode</var>.</p></li>
data-x="concept-response-url">url</span>, <var>credentials mode</var>, and <var>cryptographic
nonce</var>.</p></li>

<li>
<p>Set the value of the entry in <var>module map</var> whose key is <var>url</var> to
Expand Down Expand Up @@ -85362,8 +85389,8 @@ interface <dfn>NavigatorOnLine</dfn> {
</ol>

<p>To <dfn data-x="creating a module script">create a module script</dfn>, given some script
source, an <span>environment settings object</span>, a script base URL, and a credentials
mode:</p>
source, an <span>environment settings object</span>, a script base URL, a credentials mode, and
a cryptographic nonce:</p>

<ol>

Expand Down Expand Up @@ -85398,6 +85425,9 @@ interface <dfn>NavigatorOnLine</dfn> {
<li><p>Set <var>script</var>'s <span data-x="concept-module-script-credentials-mode">credentials
mode</span> to the credentials mode provided.</p></li>

<li><p>Set <var>script</var>'s <span data-x="concept-module-script-nonce">cryptographic
nonce</span> to the cryptographic nonce provided.</p></li>

<li><p>Return <var>script</var>.</p></li>

</ol>
Expand Down Expand Up @@ -94566,7 +94596,8 @@ interface <dfn>WorkerGlobalScope</dfn> : <span>EventTarget</span> {

<dt>"<code data-x="">module</code>"</dt>
<dd><span>Fetch a module script tree</span> given <var>url</var>, the value of the <code
data-x="">credentials</code> member of <var>options</var>, <var>destination</var>, and
data-x="">credentials</code> member of <var>options</var>, the empty string (as no
<var>cryptographic nonce</var> is present for workers), <var>destination</var>, and
<var>settings object</var>.</dd>
</dl>

Expand Down