Fix non-fetch-scheme-params-initiator-origin assignment #9532
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
domfarolino
commented
Jul 18, 2023
| data-x="she-document-state">document state</span>'s <span | ||
| data-x="document-state-initiator-origin">initiator origin</span>.</p> | ||
|
|
||
| <p class="note">If <var>response</var> is a redirect, then <var>response</var>'s <span |
There was a problem hiding this comment.
See the OP for this. If this note is too heavy on the documentation let me know and I'll remove it, but since I have to think this through every time I read this algorithm, I figured it could be helpful.
There was a problem hiding this comment.
Since this is the only part of the platform that manually handles redirects, I think it's very reasonable to include this sort of thing.
domenic
approved these changes
Jul 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes #9517 by setting the
non-fetch-scheme-params-initiator-originmember to responseOrigin in #create-navigation-params-by-fetching. This allows#hand-off-to-external-softwareto show the origin of the last redirect in the chain that led to a non-fetch-scheme, which is what all browsers that display an origin-titled prompt do (Chrome & Firefox). Safari just seems to ask for general permission without mentioning which site is initiating, which is allowed per the spec.It took me a minute to confirm that responseOrigin was indeed the right origin to grab as a described above (I was initially worried that it included the response's location URL, which has no sensible "origin"). I always have to think that through when reading this algorithm, so this PR also adds a note to describe that responseOrigin has nothing to do with the "location URL".
It doesn't seem possible to test this with WPTs, which is also the case when we refactored much of the non-fetch-scheme params stuff in the navigation & session history rewrite #6315. Nevertheless this PR fixes a glaring issue in the non-fetch-scheme navigation path.
/browsing-the-web.html ( diff )