diff --git a/fetch.bs b/fetch.bs index e3bef0878..72eb3db5c 100644 --- a/fetch.bs +++ b/fetch.bs @@ -2230,6 +2230,9 @@ or "object". return true:
    +
  1. Assert: request's origin is not + "client". +

  2. Let lastURL be null.

  3. @@ -2255,6 +2258,9 @@ return true: run these steps:
      +
    1. Assert: request's origin is not + "client". +

    2. If request has a redirect-tainted origin, then return "null". @@ -2350,6 +2356,9 @@ source of security bugs. Please seek security review for features that deal with request request, run these steps:

        +
      1. Assert: request's origin is not + "client". +

      2. If request's mode is not "no-cors", then return true.

        @@ -3309,6 +3318,9 @@ request header indicates where a given a request request, run these steps:
          +
        1. Assert: request's origin is not + "client". +

        2. Let serializedOrigin be the result of byte-serializing a request origin with request. @@ -6632,6 +6644,9 @@ agent's CORS-preflight cache for which there is a cache entry matchresponse, run these steps:

            +
          1. Assert: request's origin is not + "client". +

          2. If request's timing allow failed flag is set, then return failure. @@ -9189,6 +9204,7 @@ Shivani Sharma, Sigbjørn Finne, Simon Pieters, Simon Sapin, +Simon Wülker, Srirama Chandra Sekhar Mogali, Stephan Paul, Steven Salat,