18277 2012-07-18 17:56:00 +0000 Consider mode being "No CORS" and URL is same-origin. The fetch results in a redirect whose URL is also same-origin. The spec says to apply the CORS "redirect steps". Shouldn't it do the redirect without CORS when it's same-origin? 2013-08-09 05:15:39 +0000 1 1 1 Unclassified HTML WG HTML5 spec unspecified Other other RESOLVED FIXED http://www.whatwg.org/specs/web-apps/current-work/#cors-enabled-fetch CR P3 normal --- 1 contributor silviapfeiffer1 fs mike odinho public-html-admin public-html-wg-issue-tracking robin zcorpan public-html-bugzilla oldest_to_newest 71020 0 contributor 2012-07-18 17:56:00 +0000 This was was cloned from bug 17317 as part of operation convergence. Originally filed: 2012-06-05 06:15:00 +0000 ================================================================================ #0 contributor@whatwg.org 2012-06-05 06:15:44 +0000 -------------------------------------------------------------------------------- Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/fetching-resources.html Multipage: http://www.whatwg.org/C#cors-enabled-fetch Complete: http://www.whatwg.org/c#cors-enabled-fetch Comment: Consider mode being "No CORS" and URL is same-origin. The fetch results in a redirect whose URL is also same-origin. The spec says to apply the CORS "redirect steps". Shouldn't it do the redirect without CORS when it's same-origin? Posted from: 85.227.152.202 by simonp@opera.com User agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.3; U; en) Presto/2.10.229 Version/11.64 ================================================================================ #1 Simon Pieters 2012-06-05 06:17:05 +0000 -------------------------------------------------------------------------------- (or mode being anything actually, since same-origin takes the first branch anyway) ================================================================================ #2 Simon Pieters 2012-07-03 12:26:00 +0000 -------------------------------------------------------------------------------- *** Bug 17478 has been marked as a duplicate of this bug. *** ================================================================================ #3 Simon Pieters 2012-07-03 12:27:07 +0000 -------------------------------------------------------------------------------- Even without the redirect, the spec seems to say to perform the resource sharing check for same-origin No CORS fetch, which is clearly wrong. ================================================================================ 90707 1 silviapfeiffer1 2013-07-13 09:13:39 +0000 Simon, the WHATWG bug for this is closed, but I don't seem to see that your concern was addressed. Do you still want the spec to clarify the CORS-enabled fetch algorithm? 91725 2 zcorpan 2013-08-07 12:51:39 +0000 I think it was fixed in http://html5.org/tools/web-apps-tracker?from=7296&to=7297 91821 3 silviapfeiffer1 2013-08-09 05:15:39 +0000 Thanks! EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the Editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the Tracker Issue; or you may create a Tracker Issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Accepted Change Description: https://github.com/w3c/html/commit/afc3217aad73870fe7f0e4fa492d054d67d27570 Rationale: accepted WHATWG bug fix