This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 18277 - Consider mode being "No CORS" and URL is same-origin. The fetch results in a redirect whose URL is also same-origin. The spec says to apply the CORS "redirect steps". Shouldn't it do the redirect without CORS when it's same-origin?
Summary: Consider mode being "No CORS" and URL is same-origin. The fetch results in a ...
Status: RESOLVED FIXED
Alias: None
Product: HTML WG
Classification: Unclassified
Component: HTML5 spec (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: ---
Assignee: Silvia Pfeiffer
QA Contact: HTML WG Bugzilla archive list
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords: CR
Depends on:
Blocks:
 
Reported: 2012-07-18 17:56 UTC by contributor
Modified: 2013-08-09 05:15 UTC (History)
7 users (show)

See Also:

Attachments

Description contributor 2012-07-18 17:56:00 UTC 
This was was cloned from bug 17317 as part of operation convergence.
Originally filed: 2012-06-05 06:15:00 +0000

================================================================================
 #0   contributor@whatwg.org                          2012-06-05 06:15:44 +0000 
--------------------------------------------------------------------------------
Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/fetching-resources.html
Multipage: http://www.whatwg.org/C#cors-enabled-fetch
Complete: http://www.whatwg.org/c#cors-enabled-fetch

Comment:
Consider mode being "No CORS" and URL is same-origin. The fetch results in a
redirect whose URL is also same-origin. The spec says to apply the CORS
"redirect steps". Shouldn't it do the redirect without CORS when it's
same-origin?

Posted from: 85.227.152.202 by simonp@opera.com
User agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.3; U; en) Presto/2.10.229 Version/11.64
================================================================================
 #1   Simon Pieters                                   2012-06-05 06:17:05 +0000 
--------------------------------------------------------------------------------
(or mode being anything actually, since same-origin takes the first branch anyway)
================================================================================
 #2   Simon Pieters                                   2012-07-03 12:26:00 +0000 
--------------------------------------------------------------------------------
*** Bug 17478 has been marked as a duplicate of this bug. ***
================================================================================
 #3   Simon Pieters                                   2012-07-03 12:27:07 +0000 
--------------------------------------------------------------------------------
Even without the redirect, the spec seems to say to perform the resource sharing check for same-origin No CORS fetch, which is clearly wrong.
================================================================================
Comment 1 Silvia Pfeiffer 2013-07-13 09:13:39 UTC 
Simon, the WHATWG bug for this is closed, but I don't seem to see that your concern was addressed. Do you still want the spec to clarify the CORS-enabled fetch algorithm?
Comment 2 Simon Pieters 2013-08-07 12:51:39 UTC 
I think it was fixed in http://html5.org/tools/web-apps-tracker?from=7296&to=7297
Comment 3 Silvia Pfeiffer 2013-08-09 05:15:39 UTC 
Thanks!

EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the Editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the Tracker Issue; or you may create a Tracker Issue
yourself, if you are able to do so. For more details, see this document:

   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Accepted
Change Description:
https://github.com/w3c/html/commit/afc3217aad73870fe7f0e4fa492d054d67d27570

Rationale: accepted WHATWG bug fix