Skip to content

Commit b3257d7

Browse files
mkruisselbrinkmkruisselbrink
committed
Add secure context requirement to link header processing.
1 parent 544d3fb commit b3257d7

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

spec/service_worker/index.html

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1670,6 +1670,8 @@ <h1>Processing</h1>
16701670
<li>If the <code>Link</code> header has an "<code>anchor</code>" parameter, abort these steps.</li>
16711671
<li>Let <var>contextURL</var> be the result of <a href="https://url.spec.whatwg.org/#concept-url-parser">parsing</a> the <a href="https://tools.ietf.org/html/rfc5988#section-5.2">context IRI</a> of the <code>Link</code> header.</li>
16721672
<li>If the result of running <a href="https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy">Is origin potentially trustworthy</a> with the <a href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a> of <var>contextURL</var> is <code>Not Trusted</code>, abort these steps.</li>
1673+
<li>Let <var>request</var> be the <a href="https://fetch.spec.whatwg.org/#concept-request">request</a> for which this header was received in the response.</li>
1674+
<li>If <var>request</var>'s <a href="https://fetch.spec.whatwg.org/#concept-request-client">client</a> is not a <a href="https://w3c.github.io/webappsec-secure-contexts/#secure-context">secure context</a>, abort these steps.</li>
16731675
<li>Let <var>scriptURL</var> be the result of <a href="https://url.spec.whatwg.org/#concept-url-parser">parsing</a> the <a href="https://tools.ietf.org/html/rfc5988#section-5.1">target IRI</a> of the <code>Link</code> header.</li>
16741676
<li>Let <var>scopeURL</var> be the <a href="link-scope-attribute">scope</a> <a href="https://tools.ietf.org/html/rfc5988#section-5.4">target attribute</a> of the <code>Link</code> header, or null if no such attribute is present.</li>
16751677
<li>Invoke <a href="#start-register-algorithm">Start Register</a> with <var>scopeURL</var>, <var>scriptURL</var>, a new <a href="http://www.ecma-international.org/ecma-262/6.0/#sec-promise-objects">promise</a>, null, and <var>contextURL</var>'s <a href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a>.</li>

0 commit comments

Comments
 (0)