From 6847cac335ac73792cea0ced77ff39956eac6603 Mon Sep 17 00:00:00 2001 From: Alexander Petros Date: Sun, 10 Nov 2024 23:18:05 -0500 Subject: [PATCH] Allow HTTP scheme fetches to make CORS preflight This allows navigations to make CORS preflight requests, if the navigation contains a request that is not safelisted. Navigation does not (yet) provide APIs for non-safelisted requests; this update to the fetch spec is a prerequisite for HTML spec changes that might add those APIs (i.e. PUT method support in forms). --- fetch.bs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fetch.bs b/fetch.bs index 6558d941..353ef8d7 100644 --- a/fetch.bs +++ b/fetch.bs @@ -5106,7 +5106,13 @@ steps:

When in doubt, return a network error.

HTTP(S) scheme -

Return the result of running HTTP fetch given fetchParams. +

+
    +

  1. Let forNavigation be true if mode is + navigate; false otherwise. +

  2. Return the result of running HTTP fetch given fetchParams and true if + request's mode is navigate, and false otherwise. +

  • Return a network error. @@ -5118,7 +5124,7 @@ steps:

    To HTTP fetch, given a fetch params -fetchParams and an optional boolean makeCORSPreflight (default false), run +fetchParams and an optional boolean allowCORS (default false), run these steps: @@ -5218,7 +5224,7 @@ these steps:

    1. -

      If makeCORSPreflight is true and one of these conditions is true: +

      If allowCORS is true and one of these conditions is true: