diff --git a/fetch.bs b/fetch.bs index adee889ba..365ab9910 100644 --- a/fetch.bs +++ b/fetch.bs @@ -1666,17 +1666,38 @@ of the target browsing context's active document environment settings object.

A request has an associated -window -("no-window", "client", or an -environment settings object whose -global object is a -{{Window}} object). Unless stated otherwise it is -"client". +traversable for user prompts, that is +"no-traversable", "client", or a traversable navigable. +Unless stated otherwise it is "client". + +

+

This is used to determine whether and where to show necessary UI for the request, such as + authentication prompts or client certificate dialogs. + +

+
"no-traversable" +
No UI is shown; usually the request fails with a network error. + +
"client" +
This value will automatically be changed to either "no-traversable" or to a + traversable navigable derived from the request's client during + fetching. This provides a convenient way for standards to not have to + explicitly set a request's traversable for user prompts. + +
a traversable navigable +
The UI shown will be associated with the browser interface elements that are displaying that + traversable navigable. +
+
-

The "client" value is changed to "no-window" or -request's client during fetching. It provides -a convenient way for standards to not have to explicitly set request's -window. +

When displaying a user interface associated with a request in that request's +traversable for user prompts, the user agent should update the address bar to +display something derived from the request's current URL (and not, e.g., leave +it at its previous value, derived from the URL of the request's initiator). Additionally, the user +agent should avoid displaying content from the request's initiator in the +traversable for user prompts, especially in the case of cross-origin requests. +Displaying a blank page behind such prompts is a good way to fulfill these requirements. Failing to +follow these guidelines can confuse users as to which origin is responsible for the prompt.

A request has an associated boolean keepalive. Unless stated otherwise it is @@ -4334,7 +4355,9 @@ the response. [[!HTTP-CACHING]]

  • request's mode is "same-origin", "cors", or "no-cors" -

  • request's window is an environment settings object +

  • request's client is not null, and request's + client's global object is a + {{Window}} object

  • request's method is `GET` @@ -4354,7 +4377,7 @@ the response. [[!HTTP-CACHING]] preloaded response candidate to response.

  • Let foundPreloadedResource be the result of invoking - consume a preloaded resource for request's window, given + consume a preloaded resource for request's client, given request's URL, request's destination, request's mode, request's credentials mode, request's integrity metadata, @@ -4439,15 +4462,36 @@ the response. [[!HTTP-CACHING]]

    To populate request from client given a request request:

      -

    1. If request's window is "client", then: set - request's window to request's client - if request's client's - global object is a {{Window}} object; otherwise - "no-window". - -

    2. If request's origin is "client", then set - request's origin to request's client's - origin. +

    3. +

      If request's traversable for user prompts is "client": + +

        +

      1. Set request's traversable for user prompts to + "no-traversable". + +

      2. +

        If request's client is non-null: + +

          +

        1. Let global be request's client's + global object. + +

        2. If global is a {{Window}} object and global's + navigable is not null, then set request's + traversable for user prompts to global's + navigable's traversable navigable. +

        +
      + +
    4. +

      If request's origin is "client": + +

        +

      1. Assert: request's client is non-null. + +

      2. Set request's origin to request's + client's origin. +

    5. If request's policy container is "client": @@ -5517,10 +5561,11 @@ run these steps: canceled:

        -

      1. If request's window is "no-window" and - request's redirect mode is "error", then set - httpFetchParams to fetchParams and httpRequest to - request. +

      2. +

        If request's traversable for user prompts is + "no-traversable" and request's redirect mode is + "error", then set httpFetchParams to fetchParams and + httpRequest to request.

      3. Otherwise: @@ -5541,6 +5586,12 @@ run these steps: httpRequest.

      +

      If user prompts or redirects are possible, then the user agent might need to + re-send the request with a new set of headers after the user answers the prompt or the redirect + location is determined. At that time, the original request body might have been partially sent + already, so we need to clone the request (including the body) beforehand so that we have a + spare copy available. +

    6. Let includeCredentials be true if one of @@ -5919,8 +5970,8 @@ run these steps:

    7. If response's status is 401, httpRequest's response tainting is not "cors", includeCredentials is - true, and request's window is an environment settings object, - then: + true, and request's traversable for user prompts is a + traversable navigable:

      1. Needs testing: multiple `WWW-Authenticate` headers, missing, @@ -5948,7 +5999,7 @@ run these steps:

      2. Let username and password be the result of prompting the end user for a username and password, respectively, in request's - window. + traversable for user prompts.

      3. Set the username given request's current URL and username. @@ -5965,8 +6016,8 @@ run these steps:

        If response's status is 407, then:

          -

        1. If request's window is - "no-window", then return a network error. +

        2. If request's traversable for user prompts is + "no-traversable", then return a network error.

        3. Needs testing: multiple `Proxy-Authenticate` headers, missing, parsing issues. @@ -5976,7 +6027,7 @@ run these steps:

        4. Prompt the end user as appropriate in request's - window and store the result as a + traversable for user prompts and store the result as a proxy-authentication entry. [[!HTTP]]

          Remaining details surrounding proxy authentication are defined by HTTP. @@ -6156,10 +6207,9 @@ optional boolean forceNewConnection (default false), run these steps:

          If the HTTP request results in a TLS client certificate dialog, then:

            -

          1. If request's window - is an environment settings object, make the dialog - available in request's - window. +

          2. If request's traversable for user prompts is a + traversable navigable, then make the dialog available in request's + traversable for user prompts.

          3. Otherwise, return a network error.

          @@ -7741,19 +7791,19 @@ constructor steps are:

        5. Let origin be this's relevant settings object's origin. -

        6. Let window be "client". +

        7. Let traversableForUserPrompts be "client". -

        8. If request's window is - an environment settings object and its +

        9. If request's traversable for user prompts + is an environment settings object and its origin is same origin with - origin, then set window to request's - window. + origin, then set traversableForUserPrompts to + request's traversable for user prompts.

        10. If init["{{RequestInit/window}}"] exists and is non-null, then throw a {{TypeError}}.

        11. If init["{{RequestInit/window}}"] exists, then set - window to "no-window". + traversableForUserPrompts to "no-traversable".

        12. Set request to a new request with the following properties: @@ -7774,8 +7824,8 @@ constructor steps are:

          client
          This's relevant settings object. -
          window -
          window. +
          traversable for user prompts +
          traversableForUserPrompts.
          internal priority
          request's internal priority.