From ed892885a0d329406398db8d5288b90e927c23b8 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Tue, 8 Apr 2025 05:31:47 -0700
Subject: [PATCH 01/19] Integrity Policy header

---
 index.bs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/index.bs b/index.bs
index 1502f61..d54227a 100644
--- a/index.bs
+++ b/index.bs
@@ -44,9 +44,17 @@ spec: SHA2; urlPrefix: https://csrc.nist.gov/publications/fips/fips180-4/fips-18
     text: SHA-256; url: #
     text: SHA-384; url: #
     text: SHA-512; url: #
+
 spec: RFC8288; urlPrefix: https://tools.ietf.org/html/rfc8288
   type: http-header
     text: link
+
+spec RFC9651; urlPrefix: https://tools.ietf.org/html/rfc9651
+  type: dfn
+    text: Dictionary; url: name-dictionaries
+    text: inner list; url: name-inner-lists
+    text: token; url: name-tokens
+
 </pre>
 <pre class="link-defaults">
 spec:csp3; type:grammar; text:base64-value
@@ -485,6 +493,15 @@ spec:csp3; type:grammar; text:base64-value
   failed resource with a different one.
 
   <!-- ####################################################################### -->
+  
+  ## Integrity-Policy ## {#integrity-policy}
+  The `Integrity-Policy` HTTP header enables a document to enforce a policy regarding
+  the integrity metadata requirements on all the subresources it loads of certain
+  destinations.
+
+  It is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
+  <a>inner list</a> of <a>tokens</a>.
+  
 
   # Proxies # {#proxies}
 

From d7ed19e6541a4b0b3682ac9280075ff13f050714 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Tue, 15 Apr 2025 14:46:56 +0200
Subject: [PATCH 02/19] Got a rough outline

---
 index.bs | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 59 insertions(+), 5 deletions(-)

diff --git a/index.bs b/index.bs
index d54227a..2fd8c1a 100644
--- a/index.bs
+++ b/index.bs
@@ -49,7 +49,7 @@ spec: RFC8288; urlPrefix: https://tools.ietf.org/html/rfc8288
   type: http-header
     text: link
 
-spec RFC9651; urlPrefix: https://tools.ietf.org/html/rfc9651
+spec: RFC9651; urlPrefix: https://tools.ietf.org/html/rfc9651
   type: dfn
     text: Dictionary; url: name-dictionaries
     text: inner list; url: name-inner-lists
@@ -495,13 +495,67 @@ spec:csp3; type:grammar; text:base64-value
   <!-- ####################################################################### -->
   
   ## Integrity-Policy ## {#integrity-policy}
-  The `Integrity-Policy` HTTP header enables a document to enforce a policy regarding
-  the integrity metadata requirements on all the subresources it loads of certain
-  destinations.
+  The `Integrity-Policy` and `Integrity-Policy-Report-Only` HTTP headers enable a document to
+  enforce a policy regarding the integrity metadata requirements on all the subresources it
+  loads of certain <a>destinations</a>.
 
-  It is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
+  The headers' value is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
   <a>inner list</a> of <a>tokens</a>.
   
+  An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
+    * <dfn>enforcement</dfn>, a string which is the empty string or "block". Initially "block".
+    * <dfn>source</dfn>, a string which is the empty string or "inline". Initially "inline".
+    * <dfn>destination</dfn>, a string which is the empty string or "script". Initially the empty string.
+    * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
+
+  When <dfn>processing an integrity policy</dfn>, with |value|, do the following:
+  1) Let |integrity policy| be a new <a>integrity policy struct</a>.
+  1) Let <var>dictionary</var> be the result of <a>parsing a dictionary</a> with |input|.
+  1) If dictionary['enforcement'] exists:
+    1) If its value is "block", set |integrity policy|'s |enforcement| to "block".
+    1) Otherwise, set |integrity policy|'s |enforcement| to the empty string.
+  1) If dictionary['sources'] exists:
+    1) If its value <a>contains</a> "inline", set |integrity policy|'s |source| to "inline".
+    1) Otherwise, set |integrity policy|'s |source| to the empty string.
+  1) If dictionary['destinations'] exists:
+    1) If its value <a>contains</a> "script", set |integrity policy|'s |destination| to "script".
+  1) if dictionary['endpoints'] exists:
+    1) Set |integrity policy|'s |endpoints| to dictionary['endpoints'].
+  1) return |integrity policy|
+  
+  Each <a>Document</a> has an <dfn>integrity policy</dfn>, an <a>integrity policy struct</a>.
+  Each <a>Document</a> has an <dfn>integrity policy report only</dfn>, an <a>integrity policy struct</a>.
+
+  ### Parse Integrity-Policy headers
+  Given a <a>response<a> |response| and a <a>Document</a> |document|, do the following:
+  1) Let |headers| be |response|'s <a>header list</a>.
+  1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy",
+     let |document|'s <a>integrity policy</a> be the result of running <a>processing an integrity policy</a>
+     with the corresponding <a>header value</a>.
+  1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy-Report-Only",
+     let |document|'s <a>integrity policy report only</a> be the result of running <a>processing an integrity
+     policy</a> with the corresponding <a>header value</a>.
+  
+  ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy}
+  Given a <a>request</a> |request| and a <a>Document</a> |document|, do the following:
+  1) if |request|'s <a>integrity metadata</a> is not empty, return false.
+  1) Let |policy| be |document|'s <a>integrity policy</a>.
+  1) Let |report policy| be |document|'s <a>integrity policy report only</a>.
+  1) Let |block| be a boolean, initially false.
+  1) Let |report block| be a boolean, initially false.
+  1) if |policy|'s <a>enforcement</a> is "block" and |policy|'s <a>source</a> is "inline" and |policy|'s
+     <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set |block| to true.
+  1) if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
+     and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set
+    |report block| to true.
+  1) If |block| or |report block|, <a>fire a violation event</a>.
+  1) If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
+  1) If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
+ 
+  ### Fire a violation event ### {#fire-violation-event}
+  ### Report violatoin ### {#report-violation}
+
+  ### Fetch integration ### {#fetch-integration}
 
   # Proxies # {#proxies}
 

From 4284d8908b381ae955362426e75a8999b058baf5 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Tue, 15 Apr 2025 15:43:42 +0200
Subject: [PATCH 03/19] Got most of it

---
 index.bs | 87 ++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 27 deletions(-)

diff --git a/index.bs b/index.bs
index 2fd8c1a..94b9354 100644
--- a/index.bs
+++ b/index.bs
@@ -32,6 +32,22 @@ spec: ABNF; urlPrefix: https://tools.ietf.org/html/rfc5234
     text: VCHAR; url: appendix-B.1
     text: WSP; url: appendix-B.1
 
+spec: INFRA; urlPrefix: https://infra.spec.whatwg.org
+  type: dfn
+    text: list; url: list
+
+spec: HTML; urlPrefix: https://html.spec.whatwg.org/C
+  type: dfn
+    text: policy container; url: policy-container
+
+spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
+  type: dfn
+    text: request; url: concept-request 
+    text: response; url: concept-response 
+    text: header list; url: concept-response-header-list
+    text: header; url: concept-header
+    text: main fetch; url: main-fetch
+
 spec: RFC7234; urlPrefix: https://tools.ietf.org/html/rfc7234
   type: dfn
     text: Cache-Control; url: section-5.2
@@ -54,6 +70,7 @@ spec: RFC9651; urlPrefix: https://tools.ietf.org/html/rfc9651
     text: Dictionary; url: name-dictionaries
     text: inner list; url: name-inner-lists
     text: token; url: name-tokens
+    text: parsing a dictionary; url: name-parsing-a-dictionary
 
 </pre>
 <pre class="link-defaults">
@@ -494,7 +511,7 @@ spec:csp3; type:grammar; text:base64-value
 
   <!-- ####################################################################### -->
   
-  ## Integrity-Policy ## {#integrity-policy}
+  ## Integrity-Policy ## {#integrity-policy-section}
   The `Integrity-Policy` and `Integrity-Policy-Report-Only` HTTP headers enable a document to
   enforce a policy regarding the integrity metadata requirements on all the subresources it
   loads of certain <a>destinations</a>.
@@ -508,39 +525,39 @@ spec:csp3; type:grammar; text:base64-value
     * <dfn>destination</dfn>, a string which is the empty string or "script". Initially the empty string.
     * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
 
-  When <dfn>processing an integrity policy</dfn>, with |value|, do the following:
+  When <dfn>processing an integrity policy</dfn>, with |input|, do the following:
   1) Let |integrity policy| be a new <a>integrity policy struct</a>.
-  1) Let <var>dictionary</var> be the result of <a>parsing a dictionary</a> with |input|.
-  1) If dictionary['enforcement'] exists:
-    1) If its value is "block", set |integrity policy|'s |enforcement| to "block".
-    1) Otherwise, set |integrity policy|'s |enforcement| to the empty string.
-  1) If dictionary['sources'] exists:
-    1) If its value <a>contains</a> "inline", set |integrity policy|'s |source| to "inline".
-    1) Otherwise, set |integrity policy|'s |source| to the empty string.
-  1) If dictionary['destinations'] exists:
-    1) If its value <a>contains</a> "script", set |integrity policy|'s |destination| to "script".
-  1) if dictionary['endpoints'] exists:
-    1) Set |integrity policy|'s |endpoints| to dictionary['endpoints'].
+  1) Let |dictionary| be the result of <a>parsing a dictionary</a> with |input|.
+  1) If |dictionary|['enforcement'] exists:
+    1) If its value is "block", set |integrity policy|'s <a>enforcement</a> to "block".
+    1) Otherwise, set |integrity policy|'s <a>enforcement</a> to the empty string.
+  1) If |dictionary|['sources'] exists:
+    1) If its value <a>contains</a> "inline", set |integrity policy|'s <a>source</a> to "inline".
+    1) Otherwise, set |integrity policy|'s <a>source</a> to the empty string.
+  1) If |dictionary|['destinations'] exists:
+    1) If its value <a>contains</a> "script", set |integrity policy|'s <a>destination</a> to "script".
+  1) if |dictionary|['endpoints'] exists:
+    1) Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
   1) return |integrity policy|
   
-  Each <a>Document</a> has an <dfn>integrity policy</dfn>, an <a>integrity policy struct</a>.
-  Each <a>Document</a> has an <dfn>integrity policy report only</dfn>, an <a>integrity policy struct</a>.
-
-  ### Parse Integrity-Policy headers
-  Given a <a>response<a> |response| and a <a>Document</a> |document|, do the following:
+  ### Parse Integrity-Policy headers ### {#parse-integrity-policy-headers-section}
+  To <dfn>parse Integrity-Policy headers</dfn>, given a <a>Response</a> |response|
+  and a <a>policy container</a> |container|, do the following:
   1) Let |headers| be |response|'s <a>header list</a>.
   1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy",
-     let |document|'s <a>integrity policy</a> be the result of running <a>processing an integrity policy</a>
+     let |container|'s <a>integrity policy</a> be the result of running <a>processing an integrity policy</a>
      with the corresponding <a>header value</a>.
   1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy-Report-Only",
-     let |document|'s <a>integrity policy report only</a> be the result of running <a>processing an integrity
+     let |container|'s <a>report only integrity policy</a> be the result of running <a>processing an integrity
      policy</a> with the corresponding <a>header value</a>.
   
-  ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy}
-  Given a <a>request</a> |request| and a <a>Document</a> |document|, do the following:
-  1) if |request|'s <a>integrity metadata</a> is not empty, return false.
-  1) Let |policy| be |document|'s <a>integrity policy</a>.
-  1) Let |report policy| be |document|'s <a>integrity policy report only</a>.
+  ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy-section}
+  To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a>request</a> |request|,
+  do the following:
+  1) Let |policy container| be |request|'s <a>policy container</a>.
+  1) if |request|'s <a>integrity metadata</a> is not empty, return "Allowed".
+  1) Let |policy| be |policy container|'s <a>integrity policy</a>.
+  1) Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1) Let |block| be a boolean, initially false.
   1) Let |report block| be a boolean, initially false.
   1) if |policy|'s <a>enforcement</a> is "block" and |policy|'s <a>source</a> is "inline" and |policy|'s
@@ -551,11 +568,27 @@ spec:csp3; type:grammar; text:base64-value
   1) If |block| or |report block|, <a>fire a violation event</a>.
   1) If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
   1) If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
+  1) If |block|, return "Blocked". Otherwise, return "Allowed".
  
   ### Fire a violation event ### {#fire-violation-event}
-  ### Report violatoin ### {#report-violation}
+  To <dfn>fire a violation event</dfn>, do the following:
+  1) TODO
+
+  ### Report violation ### {#report-violation-section}
+  To <dfn>report violation</dfn> given a <a>list</a> |endpoints|, do the following:
+  1) TODO do something with |endpoints|
+
+  ### Integration ### {#integration}
+
+  A <a>policy container</a> has extra items:
+  * <dfn>integrity policy</dfn>, an <a>integrity policy struct</a>.
+  * <dfn>report only integrity policy</dfn>, an <a>integrity policy struct</a>.
+
+  Add an extra step to <a>create a policy container from a fetch response</a> before it returns, that runs
+  <a>parse Integrity-Policy headers</a> with <var ignore>response</var> and <var ignore>result</var>.
 
-  ### Fetch integration ### {#fetch-integration}
+  Expand step 7 of <a>main fetch</a> to call <a>should request be blocked by integrity policy</a>
+  and return a <a>network error</a> if it returns "blocked"
 
   # Proxies # {#proxies}
 

From dc5175162f79452d60c31cf92bc849a9b93e8cde Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 16 Apr 2025 11:07:32 +0200
Subject: [PATCH 04/19] Review comments

---
 index.bs | 73 +++++++++++++++++++++++++++++++-------------------------
 1 file changed, 41 insertions(+), 32 deletions(-)

diff --git a/index.bs b/index.bs
index 94b9354..38688fc 100644
--- a/index.bs
+++ b/index.bs
@@ -519,68 +519,77 @@ spec:csp3; type:grammar; text:base64-value
   The headers' value is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
   <a>inner list</a> of <a>tokens</a>.
   
+  A <dfn>source</dfn> is a string. The only possible value for it is "inline".
+  A <dfn>destination</dfn> is a string. The only possible value for it is "script".
+
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
+
     * <dfn>enforcement</dfn>, a string which is the empty string or "block". Initially "block".
-    * <dfn>source</dfn>, a string which is the empty string or "inline". Initially "inline".
-    * <dfn>destination</dfn>, a string which is the empty string or "script". Initially the empty string.
+    * <dfn>sources</dfn>, a list of <a>source</a>s, Initially empty.
+    * <dfn>destinations</dfn>, a list of <a>destination</a>s, Initially empty.
     * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
 
   When <dfn>processing an integrity policy</dfn>, with |input|, do the following:
-  1) Let |integrity policy| be a new <a>integrity policy struct</a>.
-  1) Let |dictionary| be the result of <a>parsing a dictionary</a> with |input|.
-  1) If |dictionary|['enforcement'] exists:
-    1) If its value is "block", set |integrity policy|'s <a>enforcement</a> to "block".
-    1) Otherwise, set |integrity policy|'s <a>enforcement</a> to the empty string.
-  1) If |dictionary|['sources'] exists:
-    1) If its value <a>contains</a> "inline", set |integrity policy|'s <a>source</a> to "inline".
-    1) Otherwise, set |integrity policy|'s <a>source</a> to the empty string.
-  1) If |dictionary|['destinations'] exists:
-    1) If its value <a>contains</a> "script", set |integrity policy|'s <a>destination</a> to "script".
-  1) if |dictionary|['endpoints'] exists:
-    1) Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
-  1) return |integrity policy|
+
+  1. Let |integrity policy| be a new <a>integrity policy struct</a>.
+  1. Let |dictionary| be the result of <a>parsing a dictionary</a> with |input|.
+  1. If |dictionary|['enforcement'] exists:
+    1. If its value is "block", set |integrity policy|'s <a>enforcement</a> to "block".
+    1. Otherwise, set |integrity policy|'s <a>enforcement</a> to the empty string.
+  1. If |dictionary|['sources'] does not exist or if its value does not <a for=list>contain</a> "inline",
+     <a for=list>append</a> "inline" to |integrity policy|'s <a>sources</a>.
+  1. If |dictionary|['destinations'] exists:
+    1. If its value <a for=list>contains</a> "script", set |integrity policy|'s <a>destinations</a> to "script".
+  1. if |dictionary|['endpoints'] exists:
+    1. Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
+  1. return |integrity policy|
   
   ### Parse Integrity-Policy headers ### {#parse-integrity-policy-headers-section}
   To <dfn>parse Integrity-Policy headers</dfn>, given a <a>Response</a> |response|
   and a <a>policy container</a> |container|, do the following:
-  1) Let |headers| be |response|'s <a>header list</a>.
-  1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy",
+
+  1. Let |headers| be |response|'s <a>header list</a>.
+  1. If |headers| <a for="header list">contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy",
      let |container|'s <a>integrity policy</a> be the result of running <a>processing an integrity policy</a>
      with the corresponding <a>header value</a>.
-  1) If |headers| <a>contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy-Report-Only",
+  1. If |headers| <a for="header list">contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy-Report-Only",
      let |container|'s <a>report only integrity policy</a> be the result of running <a>processing an integrity
      policy</a> with the corresponding <a>header value</a>.
   
   ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy-section}
   To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a>request</a> |request|,
   do the following:
-  1) Let |policy container| be |request|'s <a>policy container</a>.
-  1) if |request|'s <a>integrity metadata</a> is not empty, return "Allowed".
-  1) Let |policy| be |policy container|'s <a>integrity policy</a>.
-  1) Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
-  1) Let |block| be a boolean, initially false.
-  1) Let |report block| be a boolean, initially false.
-  1) if |policy|'s <a>enforcement</a> is "block" and |policy|'s <a>source</a> is "inline" and |policy|'s
+
+  1. Let |policy container| be |request|'s <a>policy container</a>.
+  1. if |request|'s <a>integrity metadata</a> is not empty, return "Allowed".
+  1. Let |policy| be |policy container|'s <a>integrity policy</a>.
+  1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
+  1. Let |block| be a boolean, initially false.
+  1. Let |report block| be a boolean, initially false.
+  1. if |policy|'s <a>enforcement</a> is "block" and |policy|'s <a>source</a> is "inline" and |policy|'s
      <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set |block| to true.
-  1) if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
+  1. if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
      and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set
     |report block| to true.
-  1) If |block| or |report block|, <a>fire a violation event</a>.
-  1) If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
-  1) If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
-  1) If |block|, return "Blocked". Otherwise, return "Allowed".
+  1. If |block| or |report block|, <a>fire a violation event</a>.
+  1. If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
+  1. If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
+  1. If |block|, return "Blocked". Otherwise, return "Allowed".
  
   ### Fire a violation event ### {#fire-violation-event}
   To <dfn>fire a violation event</dfn>, do the following:
-  1) TODO
+
+  1. TODO
 
   ### Report violation ### {#report-violation-section}
   To <dfn>report violation</dfn> given a <a>list</a> |endpoints|, do the following:
-  1) TODO do something with |endpoints|
+
+  1. TODO do something with |endpoints|
 
   ### Integration ### {#integration}
 
   A <a>policy container</a> has extra items:
+
   * <dfn>integrity policy</dfn>, an <a>integrity policy struct</a>.
   * <dfn>report only integrity policy</dfn>, an <a>integrity policy struct</a>.
 

From bea33f05284008de6427d64d9372c9511676470b Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 16 Apr 2025 12:37:33 +0200
Subject: [PATCH 05/19] Fire an event

---
 index.bs | 38 +++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/index.bs b/index.bs
index 38688fc..25ba4bf 100644
--- a/index.bs
+++ b/index.bs
@@ -32,6 +32,14 @@ spec: ABNF; urlPrefix: https://tools.ietf.org/html/rfc5234
     text: VCHAR; url: appendix-B.1
     text: WSP; url: appendix-B.1
 
+spec: CSP; urlPrefix: https://www.w3.org/TR/CSP3/
+  type: dfn
+    text: strip url for use in reports; url: strip-url-for-use-in-reports
+
+spec: DOM; urlPrefix: https://dom.spec.whatwg.org/
+  type: dfn
+    text: document url; url: concept-document-url
+
 spec: INFRA; urlPrefix: https://infra.spec.whatwg.org
   type: dfn
     text: list; url: list
@@ -39,6 +47,8 @@ spec: INFRA; urlPrefix: https://infra.spec.whatwg.org
 spec: HTML; urlPrefix: https://html.spec.whatwg.org/C
   type: dfn
     text: policy container; url: policy-container
+    text: global object; url: global-object
+    text: window; url: window
 
 spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
   type: dfn
@@ -571,15 +581,37 @@ spec:csp3; type:grammar; text:base64-value
   1. if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
      and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set
     |report block| to true.
-  1. If |block| or |report block|, <a>fire a violation event</a>.
+  1. If |block| or |report block|, <a>fire a violation event</a> with |request|.
   1. If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
   1. If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
   1. If |block|, return "Blocked". Otherwise, return "Allowed".
  
   ### Fire a violation event ### {#fire-violation-event}
-  To <dfn>fire a violation event</dfn>, do the following:
 
-  1. TODO
+  <pre class="idl">
+
+    [Exposed=(Window,Worker)]
+    interface IntegrityPolicyViolationEvent : Event {
+        constructor(DOMString type, optional IntegrityPolicyViolationEventInit eventInitDict = {});
+        readonly    attribute USVString      documentURI;
+        readonly    attribute USVString      blockedURI;
+    };
+    dictionary IntegrityPolicyViolationEventInit : EventInit {
+        USVString      documentURI = "";
+        USVString      blockedURI = "";
+    };
+  </pre>
+
+  To <dfn>fire a violation event</dfn> given a <a>Request</a> |request|, do the following:
+
+  1. Assert that |request|'s <a for=request>client</a> is not null.
+  1. Let |global| be |request|'s <a for=request>client</a>'s <a>global object</a>.
+  1. Assert that |global| is a <a>Window</a>.
+  1. Let |target| be |global|'s <a>associated Document</a>.
+  1. Let |documentURI| be the result of <a>strip URL for use in reports</a> on |target|'s <a>document URL</a>.
+  1. Let |blockedURI| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
+  1. <a>Fire an event</a> names "integritypolicyviolation" that uses the `IntegrityPolicyViolationEvent`
+     interface at |target|, with its attributes initiaized to |documentURI| and |blockedURI|.
 
   ### Report violation ### {#report-violation-section}
   To <dfn>report violation</dfn> given a <a>list</a> |endpoints|, do the following:

From 0bf7b1e9c4cc417a11e949d6eea5505fd467f368 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 16 Apr 2025 13:19:32 +0200
Subject: [PATCH 06/19] Send reports

---
 index.bs | 71 ++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 53 insertions(+), 18 deletions(-)

diff --git a/index.bs b/index.bs
index 25ba4bf..39eb054 100644
--- a/index.bs
+++ b/index.bs
@@ -581,42 +581,77 @@ spec:csp3; type:grammar; text:base64-value
   1. if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
      and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set
     |report block| to true.
-  1. If |block| or |report block|, <a>fire a violation event</a> with |request|.
-  1. If |block|, <a>report violation</a> with |policy|'s <a>endpoints</a>.
-  1. If |report block|, <a>report violation</a> with |report policy|'s <a>endpoints</a>.
+  1. If |block| or |report block|, <a>report violation</a> with |request|, |block|, |report block|,
+     |policy| and |report policy|.
   1. If |block|, return "Blocked". Otherwise, return "Allowed".
  
-  ### Fire a violation event ### {#fire-violation-event}
+  ### Report violations ### {#report-violations}
 
   <pre class="idl">
 
     [Exposed=(Window,Worker)]
     interface IntegrityPolicyViolationEvent : Event {
         constructor(DOMString type, optional IntegrityPolicyViolationEventInit eventInitDict = {});
-        readonly    attribute USVString      documentURI;
-        readonly    attribute USVString      blockedURI;
+        readonly    attribute USVString      documentURL;
+        readonly    attribute USVString      blockedURL;
     };
     dictionary IntegrityPolicyViolationEventInit : EventInit {
-        USVString      documentURI = "";
-        USVString      blockedURI = "";
+        USVString      documentURL = "";
+        USVString      blockedURL = "";
     };
   </pre>
 
-  To <dfn>fire a violation event</dfn> given a <a>Request</a> |request|, do the following:
+  <pre class="idl">
+    [Exposed=Window]
+    interface IntegrityPolicyViolationReportBody : ReportBody {
+      [Default] object toJSON();
+      readonly attribute USVString documentURL;
+      readonly attribute USVString? blockedURL;
+    };
+  </pre>
+
+  To <dfn>report violation</dfn> given a <a>Request</a> |request|, a boolean |block|,
+  a boolean |report block|, an <a>integrity policy struct</a> |policy|,
+  and an <a>integrity policy struct</a> |report policy|, do the following:
 
   1. Assert that |request|'s <a for=request>client</a> is not null.
-  1. Let |global| be |request|'s <a for=request>client</a>'s <a>global object</a>.
+  1. Let |settings object| be |request|'s <a for=request>client</a>.
+  1. Let |global| be |settings object|'s <a>global object</a>.
   1. Assert that |global| is a <a>Window</a>.
   1. Let |target| be |global|'s <a>associated Document</a>.
-  1. Let |documentURI| be the result of <a>strip URL for use in reports</a> on |target|'s <a>document URL</a>.
-  1. Let |blockedURI| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
+  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |target|'s <a>document URL</a>.
+  1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
   1. <a>Fire an event</a> names "integritypolicyviolation" that uses the `IntegrityPolicyViolationEvent`
-     interface at |target|, with its attributes initiaized to |documentURI| and |blockedURI|.
-
-  ### Report violation ### {#report-violation-section}
-  To <dfn>report violation</dfn> given a <a>list</a> |endpoints|, do the following:
-
-  1. TODO do something with |endpoints|
+     interface at |target|, with its attributes initiaized as follows:
+              :   {{IntegrityPolicyViolationEvent/documentURL}}
+              ::  |document URL|
+              :   {{IntegrityPolicyViolationEvent/blockedURL}}
+              ::  |blocked URL|
+  1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
+              :   {{IntegrityPolicyViolationReportBody/documentURL}}
+              ::  |document URL|
+              :   {{IntegrityPolicyViolationReportBody/blockedURL}}
+              ::  |blocked URL|
+  1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>,
+     <a>generate and queue a report</a> with the following arguments:
+              :   <var ignore>context</var>
+              ::  |settings object|
+              :   <var ignore>type</var>
+              ::  "integrity-policy-violation"
+              :   <var ignore>destination</var>
+              ::  |endpoint|
+              :   <var ignore>data</var>
+              ::  |body|
+  1. If |report block|, <a for=list>for each</a> |endpoint| in |report policy|'s <a>endpoints</a>,
+     <a>generate and queue a report</a> with the following arguments:
+              :   <var ignore>context</var>
+              ::  |settings object|
+              :   <var ignore>type</var>
+              ::  "integrity-policy-violation"
+              :   <var ignore>destination</var>
+              ::  |endpoint|
+              :   <var ignore>data</var>
+              ::  |body|
 
   ### Integration ### {#integration}
 

From bea36d09ad218f41182574940df834c097d01269 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Fri, 18 Apr 2025 05:35:24 +0200
Subject: [PATCH 07/19] Remove event, add destination and correct algo

---
 index.bs | 59 ++++++++++++++++++++++++++------------------------------
 1 file changed, 27 insertions(+), 32 deletions(-)

diff --git a/index.bs b/index.bs
index 39eb054..dcb8717 100644
--- a/index.bs
+++ b/index.bs
@@ -546,7 +546,7 @@ spec:csp3; type:grammar; text:base64-value
   1. If |dictionary|['enforcement'] exists:
     1. If its value is "block", set |integrity policy|'s <a>enforcement</a> to "block".
     1. Otherwise, set |integrity policy|'s <a>enforcement</a> to the empty string.
-  1. If |dictionary|['sources'] does not exist or if its value does not <a for=list>contain</a> "inline",
+  1. If |dictionary|['sources'] does not exist or if its value <a for=list>contains</a> "inline",
      <a for=list>append</a> "inline" to |integrity policy|'s <a>sources</a>.
   1. If |dictionary|['destinations'] exists:
     1. If its value <a for=list>contains</a> "script", set |integrity policy|'s <a>destinations</a> to "script".
@@ -587,26 +587,14 @@ spec:csp3; type:grammar; text:base64-value
  
   ### Report violations ### {#report-violations}
 
-  <pre class="idl">
-
-    [Exposed=(Window,Worker)]
-    interface IntegrityPolicyViolationEvent : Event {
-        constructor(DOMString type, optional IntegrityPolicyViolationEventInit eventInitDict = {});
-        readonly    attribute USVString      documentURL;
-        readonly    attribute USVString      blockedURL;
-    };
-    dictionary IntegrityPolicyViolationEventInit : EventInit {
-        USVString      documentURL = "";
-        USVString      blockedURL = "";
-    };
-  </pre>
-
   <pre class="idl">
     [Exposed=Window]
     interface IntegrityPolicyViolationReportBody : ReportBody {
       [Default] object toJSON();
       readonly attribute USVString documentURL;
-      readonly attribute USVString? blockedURL;
+      readonly attribute USVString blockedURL;
+      readonly attribute USVString destination;
+      readonly attribute boolean   reportOnly;
     };
   </pre>
 
@@ -621,19 +609,17 @@ spec:csp3; type:grammar; text:base64-value
   1. Let |target| be |global|'s <a>associated Document</a>.
   1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |target|'s <a>document URL</a>.
   1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
-  1. <a>Fire an event</a> names "integritypolicyviolation" that uses the `IntegrityPolicyViolationEvent`
-     interface at |target|, with its attributes initiaized as follows:
-              :   {{IntegrityPolicyViolationEvent/documentURL}}
-              ::  |document URL|
-              :   {{IntegrityPolicyViolationEvent/blockedURL}}
-              ::  |blocked URL|
-  1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
-              :   {{IntegrityPolicyViolationReportBody/documentURL}}
-              ::  |document URL|
-              :   {{IntegrityPolicyViolationReportBody/blockedURL}}
-              ::  |blocked URL|
-  1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>,
-     <a>generate and queue a report</a> with the following arguments:
+  1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
+     1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
+                 :   {{IntegrityPolicyViolationReportBody/documentURL}}
+                 ::  |document URL|
+                 :   {{IntegrityPolicyViolationReportBody/blockedURL}}
+                 ::  |blocked URL|
+                 :   {{IntegrityPolicyViolationReportBody/destination}}
+                 ::  |request|'s <a for=request>destination</a>
+                 :   {{IntegrityPolicyViolationReportBody/reportOnly}}
+                 ::  false
+     2. <a>Generate and queue a report</a> with the following arguments:
               :   <var ignore>context</var>
               ::  |settings object|
               :   <var ignore>type</var>
@@ -642,8 +628,17 @@ spec:csp3; type:grammar; text:base64-value
               ::  |endpoint|
               :   <var ignore>data</var>
               ::  |body|
-  1. If |report block|, <a for=list>for each</a> |endpoint| in |report policy|'s <a>endpoints</a>,
-     <a>generate and queue a report</a> with the following arguments:
+  1. If |report block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
+     1. Let |report body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
+                 :   {{IntegrityPolicyViolationReportBody/documentURL}}
+                 ::  |document URL|
+                 :   {{IntegrityPolicyViolationReportBody/blockedURL}}
+                 ::  |blocked URL|
+                 :   {{IntegrityPolicyViolationReportBody/destination}}
+                 ::  |request|'s <a for=request>destination</a>
+                 :   {{IntegrityPolicyViolationReportBody/reportOnly}}
+                 ::  true 
+     2. <a>Generate and queue a report</a> with the following arguments:
               :   <var ignore>context</var>
               ::  |settings object|
               :   <var ignore>type</var>
@@ -651,7 +646,7 @@ spec:csp3; type:grammar; text:base64-value
               :   <var ignore>destination</var>
               ::  |endpoint|
               :   <var ignore>data</var>
-              ::  |body|
+              ::  |report body|
 
   ### Integration ### {#integration}
 

From fdd459ae86cd39c9aad8cd620d63216a8d3e63af Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Fri, 18 Apr 2025 05:56:54 +0200
Subject: [PATCH 08/19] Add request mode conditions

---
 index.bs | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/index.bs b/index.bs
index dcb8717..e6fb647 100644
--- a/index.bs
+++ b/index.bs
@@ -571,16 +571,21 @@ spec:csp3; type:grammar; text:base64-value
   do the following:
 
   1. Let |policy container| be |request|'s <a>policy container</a>.
-  1. if |request|'s <a>integrity metadata</a> is not empty, return "Allowed".
+  1. if |request|'s <a>integrity metadata</a> is not the empty string
+     and |request|'s <a for=request>mode</a> is either "cors" or "same-origin",
+     return "Allowed".
   1. Let |policy| be |policy container|'s <a>integrity policy</a>.
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
-  1. if |policy|'s <a>enforcement</a> is "block" and |policy|'s <a>source</a> is "inline" and |policy|'s
-     <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set |block| to true.
-  1. if |report policy|'s <a>enforcement</a> is "block" and |report policy|'s <a>source</a> is "inline"
-     and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>, set
-    |report block| to true.
+  1. if |policy|'s <a>enforcement</a> is "block"
+     and |policy|'s <a>source</a> is "inline"
+     and |policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>,
+     set |block| to true.
+  1. if |report policy|'s <a>enforcement</a> is "block"
+     and |report policy|'s <a>source</a> is "inline"
+     and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>,
+     set |report block| to true.
   1. If |block| or |report block|, <a>report violation</a> with |request|, |block|, |report block|,
      |policy| and |report policy|.
   1. If |block|, return "Blocked". Otherwise, return "Allowed".

From baf426f7d0b667c006ea95b869ce43cf7c558671 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Mon, 21 Apr 2025 11:34:40 +0200
Subject: [PATCH 09/19] Remove enforcement

---
 index.bs | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/index.bs b/index.bs
index e6fb647..95bb313 100644
--- a/index.bs
+++ b/index.bs
@@ -524,7 +524,7 @@ spec:csp3; type:grammar; text:base64-value
   ## Integrity-Policy ## {#integrity-policy-section}
   The `Integrity-Policy` and `Integrity-Policy-Report-Only` HTTP headers enable a document to
   enforce a policy regarding the integrity metadata requirements on all the subresources it
-  loads of certain <a>destinations</a>.
+  loads of certain <a for=request>destinations</a>.
 
   The headers' value is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
   <a>inner list</a> of <a>tokens</a>.
@@ -534,22 +534,19 @@ spec:csp3; type:grammar; text:base64-value
 
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
 
-    * <dfn>enforcement</dfn>, a string which is the empty string or "block". Initially "block".
     * <dfn>sources</dfn>, a list of <a>source</a>s, Initially empty.
-    * <dfn>destinations</dfn>, a list of <a>destination</a>s, Initially empty.
+    * <dfn>blocked destinations</dfn>, a list of <a>destination</a>s, Initially empty.
     * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
 
   When <dfn>processing an integrity policy</dfn>, with |input|, do the following:
 
   1. Let |integrity policy| be a new <a>integrity policy struct</a>.
   1. Let |dictionary| be the result of <a>parsing a dictionary</a> with |input|.
-  1. If |dictionary|['enforcement'] exists:
-    1. If its value is "block", set |integrity policy|'s <a>enforcement</a> to "block".
-    1. Otherwise, set |integrity policy|'s <a>enforcement</a> to the empty string.
   1. If |dictionary|['sources'] does not exist or if its value <a for=list>contains</a> "inline",
      <a for=list>append</a> "inline" to |integrity policy|'s <a>sources</a>.
-  1. If |dictionary|['destinations'] exists:
-    1. If its value <a for=list>contains</a> "script", set |integrity policy|'s <a>destinations</a> to "script".
+  1. If |dictionary|['blocked-destinations'] exists:
+    1. If its value <a for=list>contains</a> "script",
+       <a for=list>append</a> "script" to |integrity policy|'s <a>blocked destinations</a>.
   1. if |dictionary|['endpoints'] exists:
     1. Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
   1. return |integrity policy|
@@ -578,13 +575,11 @@ spec:csp3; type:grammar; text:base64-value
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
-  1. if |policy|'s <a>enforcement</a> is "block"
-     and |policy|'s <a>source</a> is "inline"
-     and |policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>,
+  1. if |policy|'s <a>source</a> is "inline"
+     and |policy|'s <a>blocked destinations</a> <a for=list>contains</a> |request|'s <a for=request>destination</a>,
      set |block| to true.
-  1. if |report policy|'s <a>enforcement</a> is "block"
-     and |report policy|'s <a>source</a> is "inline"
-     and |report policy|'s <a>destination</a> is equal to |request|'s <a for=request>destination</a>,
+  1. if |report policy|'s <a>source</a> is "inline"
+     and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a> |request|'s <a for=request>destination</a>,
      set |report block| to true.
   1. If |block| or |report block|, <a>report violation</a> with |request|, |block|, |report block|,
      |policy| and |report policy|.

From 0d5d643a9d78c0a3523478408657d32bc97f4f71 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Mon, 21 Apr 2025 11:45:08 +0200
Subject: [PATCH 10/19] Fix up sources ref

---
 index.bs | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/index.bs b/index.bs
index 95bb313..e23a485 100644
--- a/index.bs
+++ b/index.bs
@@ -556,12 +556,14 @@ spec:csp3; type:grammar; text:base64-value
   and a <a>policy container</a> |container|, do the following:
 
   1. Let |headers| be |response|'s <a>header list</a>.
-  1. If |headers| <a for="header list">contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy",
-     let |container|'s <a>integrity policy</a> be the result of running <a>processing an integrity policy</a>
-     with the corresponding <a>header value</a>.
-  1. If |headers| <a for="header list">contains</a> a <a>header</a> whose <a>header name</a> is "Integrity-Policy-Report-Only",
-     let |container|'s <a>report only integrity policy</a> be the result of running <a>processing an integrity
-     policy</a> with the corresponding <a>header value</a>.
+  1. If |headers| <a for="header list">contains</a> a <a>header</a>
+     whose <a>header name</a> is "Integrity-Policy",
+     let |container|'s <a>integrity policy</a> be the result of running
+     <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
+  1. If |headers| <a for="header list">contains</a> a <a>header</a>
+     whose <a>header name</a> is "Integrity-Policy-Report-Only",
+     let |container|'s <a>report only integrity policy</a> be the result of running
+     <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   
   ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy-section}
   To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a>request</a> |request|,
@@ -575,11 +577,13 @@ spec:csp3; type:grammar; text:base64-value
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
-  1. if |policy|'s <a>source</a> is "inline"
-     and |policy|'s <a>blocked destinations</a> <a for=list>contains</a> |request|'s <a for=request>destination</a>,
+  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
+     and |policy|'s <a>blocked destinations</a> <a for=list>contains</a>
+     |request|'s <a for=request>destination</a>,
      set |block| to true.
-  1. if |report policy|'s <a>source</a> is "inline"
-     and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a> |request|'s <a for=request>destination</a>,
+  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
+     and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a>
+     |request|'s <a for=request>destination</a>,
      set |report block| to true.
   1. If |block| or |report block|, <a>report violation</a> with |request|, |block|, |report block|,
      |policy| and |report policy|.

From 5229ce5658947147aab683ce506502e8943ed894 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Tue, 29 Apr 2025 18:14:08 +0200
Subject: [PATCH 11/19] Clarify that we are only dealing with Window for now

---
 index.bs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/index.bs b/index.bs
index e23a485..d51c7fe 100644
--- a/index.bs
+++ b/index.bs
@@ -575,6 +575,8 @@ spec:csp3; type:grammar; text:base64-value
      return "Allowed".
   1. Let |policy| be |policy container|'s <a>integrity policy</a>.
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
+  1. If both |policy| and |report policy| are empty <a>integrity policy struct</a>s, return "Allowed".
+  1. Assert that |request|'s <a for=request>client</a>'s <a>global object</a> is a <a>Window</a>. 
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
   1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
@@ -662,6 +664,9 @@ spec:csp3; type:grammar; text:base64-value
   Add an extra step to <a>create a policy container from a fetch response</a> before it returns, that runs
   <a>parse Integrity-Policy headers</a> with <var ignore>response</var> and <var ignore>result</var>.
 
+  Note: The creation of a policy container only happens on navigation responses, but there's no
+        current way to assert that as part of the algorithm.
+
   Expand step 7 of <a>main fetch</a> to call <a>should request be blocked by integrity policy</a>
   and return a <a>network error</a> if it returns "blocked"
 

From b8a537c9a0322814f552063a7608176d763da11a Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 30 Apr 2025 13:16:57 +0200
Subject: [PATCH 12/19] Add worker handling

---
 index.bs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/index.bs b/index.bs
index d51c7fe..42950b3 100644
--- a/index.bs
+++ b/index.bs
@@ -49,6 +49,7 @@ spec: HTML; urlPrefix: https://html.spec.whatwg.org/C
     text: policy container; url: policy-container
     text: global object; url: global-object
     text: window; url: window
+    text: WorkerGlobalScope; url: workerglobalscope
 
 spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
   type: dfn
@@ -576,7 +577,8 @@ spec:csp3; type:grammar; text:base64-value
   1. Let |policy| be |policy container|'s <a>integrity policy</a>.
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1. If both |policy| and |report policy| are empty <a>integrity policy struct</a>s, return "Allowed".
-  1. Assert that |request|'s <a for=request>client</a>'s <a>global object</a> is a <a>Window</a>. 
+  1. Let |global| be |request|'s <a for=request>client</a>'s <a>global object</a>.
+  1. if |global| is not a <a>Window</a> nor a <a>WorkerGlobalScope</a>, return "Allowed".
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
   1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
@@ -611,9 +613,11 @@ spec:csp3; type:grammar; text:base64-value
   1. Assert that |request|'s <a for=request>client</a> is not null.
   1. Let |settings object| be |request|'s <a for=request>client</a>.
   1. Let |global| be |settings object|'s <a>global object</a>.
-  1. Assert that |global| is a <a>Window</a>.
-  1. Let |target| be |global|'s <a>associated Document</a>.
-  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |target|'s <a>document URL</a>.
+  1. Assert that |global| is a <a>Window</a> or a <a>WorkerGlobalScope</a>.
+  1. Let |URL| be an empty <a for=/>URL</a>.
+  1. If |global| is a <a>Window</a>, set |URL| to |global|'s <a>associated Document</a> <a>document URL</a>.
+  1. If |global| is a <a>WorkerGlobalScope</a>, set |URL| to |global|'s <a for=WorkerGlobalScope>URL</a>.
+  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |URL|.
   1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
   1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
      1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:

From b0176f010ab32a9c6f3ebe006f4431e7931db92c Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 30 Apr 2025 13:18:34 +0200
Subject: [PATCH 13/19] Remove wrong note

---
 index.bs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/index.bs b/index.bs
index 42950b3..49223a3 100644
--- a/index.bs
+++ b/index.bs
@@ -668,9 +668,6 @@ spec:csp3; type:grammar; text:base64-value
   Add an extra step to <a>create a policy container from a fetch response</a> before it returns, that runs
   <a>parse Integrity-Policy headers</a> with <var ignore>response</var> and <var ignore>result</var>.
 
-  Note: The creation of a policy container only happens on navigation responses, but there's no
-        current way to assert that as part of the algorithm.
-
   Expand step 7 of <a>main fetch</a> to call <a>should request be blocked by integrity policy</a>
   and return a <a>network error</a> if it returns "blocked"
 

From a75bb368a63aea395aad449ef4b3a66a5c50834a Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 30 Apr 2025 15:32:00 +0200
Subject: [PATCH 14/19] Annevk review comments

---
 index.bs | 60 +++++++++++++++++++++++++++-----------------------------
 1 file changed, 29 insertions(+), 31 deletions(-)

diff --git a/index.bs b/index.bs
index 49223a3..aa198e2 100644
--- a/index.bs
+++ b/index.bs
@@ -53,10 +53,6 @@ spec: HTML; urlPrefix: https://html.spec.whatwg.org/C
 
 spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
   type: dfn
-    text: request; url: concept-request 
-    text: response; url: concept-response 
-    text: header list; url: concept-response-header-list
-    text: header; url: concept-header
     text: main fetch; url: main-fetch
 
 spec: RFC7234; urlPrefix: https://tools.ietf.org/html/rfc7234
@@ -81,7 +77,6 @@ spec: RFC9651; urlPrefix: https://tools.ietf.org/html/rfc9651
     text: Dictionary; url: name-dictionaries
     text: inner list; url: name-inner-lists
     text: token; url: name-tokens
-    text: parsing a dictionary; url: name-parsing-a-dictionary
 
 </pre>
 <pre class="link-defaults">
@@ -530,8 +525,9 @@ spec:csp3; type:grammar; text:base64-value
   The headers' value is a <a>Dictionary</a> [[RFC9651]], with every member-value being an
   <a>inner list</a> of <a>tokens</a>.
   
-  A <dfn>source</dfn> is a string. The only possible value for it is "inline".
-  A <dfn>destination</dfn> is a string. The only possible value for it is "script".
+  A <dfn>source</dfn> is a string. The only possible value for it is "`inline`".
+
+  A <dfn>destination</dfn> is a string. The only possible value for it is "`script`".
 
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
 
@@ -539,35 +535,36 @@ spec:csp3; type:grammar; text:base64-value
     * <dfn>blocked destinations</dfn>, a list of <a>destination</a>s, Initially empty.
     * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
 
-  When <dfn>processing an integrity policy</dfn>, with |input|, do the following:
-
-  1. Let |integrity policy| be a new <a>integrity policy struct</a>.
-  1. Let |dictionary| be the result of <a>parsing a dictionary</a> with |input|.
-  1. If |dictionary|['sources'] does not exist or if its value <a for=list>contains</a> "inline",
-     <a for=list>append</a> "inline" to |integrity policy|'s <a>sources</a>.
-  1. If |dictionary|['blocked-destinations'] exists:
-    1. If its value <a for=list>contains</a> "script",
-       <a for=list>append</a> "script" to |integrity policy|'s <a>blocked destinations</a>.
-  1. if |dictionary|['endpoints'] exists:
-    1. Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
-  1. return |integrity policy|
+  When <dfn>processing an integrity policy</dfn>, with |headers| and |header name|, do the following:
+
+  1. Let |integrityPolicy| be a new <a>integrity policy struct</a>.
+  1. Let |dictionary| be the result of <a>getting a structured field value</a> from |headers|
+     given |header name| and "`dictionary`".
+  1. If |dictionary|["`sources`"] does not exist or if its value <a for=list>contains</a> "`inline`",
+     <a for=list>append</a> "`inline`" to |integrityPolicy|'s <a>sources</a>.
+  1. If |dictionary|["`blocked-destinations`"] exists:
+    1. If its value <a for=list>contains</a> "`script`",
+       <a for=list>append</a> "`script`" to |integrityPolicy|'s <a>blocked destinations</a>.
+  1. If |dictionary|["`endpoints`"] <a for=map>exists</a>:
+    1. Set |integrityPolicy|'s <a>endpoints</a> to |dictionary|['endpoints'].
+  1. Return |integrityPolicy|.
   
   ### Parse Integrity-Policy headers ### {#parse-integrity-policy-headers-section}
-  To <dfn>parse Integrity-Policy headers</dfn>, given a <a>Response</a> |response|
+  To <dfn>parse Integrity-Policy headers</dfn>, given a <a for=/>Response</a> |response|
   and a <a>policy container</a> |container|, do the following:
 
-  1. Let |headers| be |response|'s <a>header list</a>.
+  1. Let |headers| be |response|'s <a for=response>header list</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>header name</a> is "Integrity-Policy",
+     whose <a>header name</a> is "`Integrity-Policy`",
      let |container|'s <a>integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>header name</a> is "Integrity-Policy-Report-Only",
+     whose <a>header name</a> is "`Integrity-Policy-Report-Only`",
      let |container|'s <a>report only integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   
   ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy-section}
-  To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a>request</a> |request|,
+  To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a for=/>request</a> |request|,
   do the following:
 
   1. Let |policy container| be |request|'s <a>policy container</a>.
@@ -581,11 +578,11 @@ spec:csp3; type:grammar; text:base64-value
   1. if |global| is not a <a>Window</a> nor a <a>WorkerGlobalScope</a>, return "Allowed".
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
-  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
+  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
      and |policy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
      set |block| to true.
-  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "inline"
+  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
      and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
      set |report block| to true.
@@ -606,7 +603,7 @@ spec:csp3; type:grammar; text:base64-value
     };
   </pre>
 
-  To <dfn>report violation</dfn> given a <a>Request</a> |request|, a boolean |block|,
+  To <dfn>report violation</dfn> given a <a for=/>Request</a> |request|, a boolean |block|,
   a boolean |report block|, an <a>integrity policy struct</a> |policy|,
   and an <a>integrity policy struct</a> |report policy|, do the following:
 
@@ -614,10 +611,11 @@ spec:csp3; type:grammar; text:base64-value
   1. Let |settings object| be |request|'s <a for=request>client</a>.
   1. Let |global| be |settings object|'s <a>global object</a>.
   1. Assert that |global| is a <a>Window</a> or a <a>WorkerGlobalScope</a>.
-  1. Let |URL| be an empty <a for=/>URL</a>.
-  1. If |global| is a <a>Window</a>, set |URL| to |global|'s <a>associated Document</a> <a>document URL</a>.
-  1. If |global| is a <a>WorkerGlobalScope</a>, set |URL| to |global|'s <a for=WorkerGlobalScope>URL</a>.
-  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |URL|.
+  1. Let |url| be a <a for=/>URL</a>, initially null.
+  1. If |global| is a <a>Window</a>, set |url| to |global|'s <a>associated Document</a> <a>document URL</a>.
+  1. If |global| is a <a>WorkerGlobalScope</a>, set |url| to |global|'s <a for=WorkerGlobalScope>URL</a>.
+  1. Assert that |url| is a non-null <a for=/>URL</a>.
+  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |url|.
   1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
   1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
      1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:

From 8c43fe8123acefe4fb7edbd4dbcbba386f194c0a Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Thu, 1 May 2025 19:28:43 +0200
Subject: [PATCH 15/19] more review comments

---
 index.bs | 70 +++++++++++++++++++++++---------------------------------
 1 file changed, 28 insertions(+), 42 deletions(-)

diff --git a/index.bs b/index.bs
index aa198e2..8dcc92e 100644
--- a/index.bs
+++ b/index.bs
@@ -36,21 +36,6 @@ spec: CSP; urlPrefix: https://www.w3.org/TR/CSP3/
   type: dfn
     text: strip url for use in reports; url: strip-url-for-use-in-reports
 
-spec: DOM; urlPrefix: https://dom.spec.whatwg.org/
-  type: dfn
-    text: document url; url: concept-document-url
-
-spec: INFRA; urlPrefix: https://infra.spec.whatwg.org
-  type: dfn
-    text: list; url: list
-
-spec: HTML; urlPrefix: https://html.spec.whatwg.org/C
-  type: dfn
-    text: policy container; url: policy-container
-    text: global object; url: global-object
-    text: window; url: window
-    text: WorkerGlobalScope; url: workerglobalscope
-
 spec: FETCH; urlPrefix: https://fetch.spec.whatwg.org/
   type: dfn
     text: main fetch; url: main-fetch
@@ -531,58 +516,59 @@ spec:csp3; type:grammar; text:base64-value
 
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
 
-    * <dfn>sources</dfn>, a list of <a>source</a>s, Initially empty.
-    * <dfn>blocked destinations</dfn>, a list of <a>destination</a>s, Initially empty.
-    * <dfn>endpoints</dfn>, a <a>list</a> of strings, initially empty.
+    * <dfn>sources</dfn>, a list of <a>source</a>s, initially empty.
+    * <dfn>blocked destinations</dfn>, a list of <a>destination</a>s, initially empty.
+    * <dfn>endpoints</dfn>, a <a for=/>list</a> of strings, initially empty.
 
   When <dfn>processing an integrity policy</dfn>, with |headers| and |header name|, do the following:
 
-  1. Let |integrityPolicy| be a new <a>integrity policy struct</a>.
+  1. Let |integrity policy| be a new <a>integrity policy struct</a>.
   1. Let |dictionary| be the result of <a>getting a structured field value</a> from |headers|
      given |header name| and "`dictionary`".
-  1. If |dictionary|["`sources`"] does not exist or if its value <a for=list>contains</a> "`inline`",
-     <a for=list>append</a> "`inline`" to |integrityPolicy|'s <a>sources</a>.
-  1. If |dictionary|["`blocked-destinations`"] exists:
+  1. If |dictionary|["`sources`"] does not <a for=list>exist</a> or if its value
+     <a for=list>contains</a> "`inline`", <a for=list>append</a> "`inline`" to
+     |integrity policy|'s <a>sources</a>.
+  1. If |dictionary|["`blocked-destinations`"] <a for=list>exists</a>:
     1. If its value <a for=list>contains</a> "`script`",
-       <a for=list>append</a> "`script`" to |integrityPolicy|'s <a>blocked destinations</a>.
+       <a for=list>append</a> "`script`" to |integrity policy|'s <a>blocked destinations</a>.
   1. If |dictionary|["`endpoints`"] <a for=map>exists</a>:
-    1. Set |integrityPolicy|'s <a>endpoints</a> to |dictionary|['endpoints'].
-  1. Return |integrityPolicy|.
+    1. Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
+  1. Return |integrity policy|.
   
   ### Parse Integrity-Policy headers ### {#parse-integrity-policy-headers-section}
   To <dfn>parse Integrity-Policy headers</dfn>, given a <a for=/>Response</a> |response|
-  and a <a>policy container</a> |container|, do the following:
+  and a <a for=/>policy container</a> |container|, do the following:
 
   1. Let |headers| be |response|'s <a for=response>header list</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
      whose <a>header name</a> is "`Integrity-Policy`",
-     let |container|'s <a>integrity policy</a> be the result of running
+     set |container|'s <a>integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
      whose <a>header name</a> is "`Integrity-Policy-Report-Only`",
-     let |container|'s <a>report only integrity policy</a> be the result of running
+     set |container|'s <a>report only integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   
   ### Should request be blocked by Integrity Policy ### {#should-request-be-blocked-by-integrity-policy-section}
   To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a for=/>request</a> |request|,
   do the following:
 
-  1. Let |policy container| be |request|'s <a>policy container</a>.
-  1. if |request|'s <a>integrity metadata</a> is not the empty string
+  1. Let |policy container| be |request|'s <a for=request>policy container</a>.
+  1. If |request|'s <a>integrity metadata</a> is not the empty string
      and |request|'s <a for=request>mode</a> is either "cors" or "same-origin",
      return "Allowed".
   1. Let |policy| be |policy container|'s <a>integrity policy</a>.
   1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
   1. If both |policy| and |report policy| are empty <a>integrity policy struct</a>s, return "Allowed".
-  1. Let |global| be |request|'s <a for=request>client</a>'s <a>global object</a>.
-  1. if |global| is not a <a>Window</a> nor a <a>WorkerGlobalScope</a>, return "Allowed".
+  1. Let |global| be |request|'s <a for=request>client</a>'s <a for="environment settings object">global object</a>.
+  1. If |global| is not a {{Window}} nor a {{WorkerGlobalScope}}, return "Allowed".
   1. Let |block| be a boolean, initially false.
   1. Let |report block| be a boolean, initially false.
-  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
+  1. If |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
      and |policy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
      set |block| to true.
-  1. if |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
+  1. If |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
      and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
      set |report block| to true.
@@ -607,14 +593,14 @@ spec:csp3; type:grammar; text:base64-value
   a boolean |report block|, an <a>integrity policy struct</a> |policy|,
   and an <a>integrity policy struct</a> |report policy|, do the following:
 
-  1. Assert that |request|'s <a for=request>client</a> is not null.
+  1. <a>Assert</a>: |request|'s <a for=request>client</a> is not null.
   1. Let |settings object| be |request|'s <a for=request>client</a>.
-  1. Let |global| be |settings object|'s <a>global object</a>.
-  1. Assert that |global| is a <a>Window</a> or a <a>WorkerGlobalScope</a>.
-  1. Let |url| be a <a for=/>URL</a>, initially null.
-  1. If |global| is a <a>Window</a>, set |url| to |global|'s <a>associated Document</a> <a>document URL</a>.
-  1. If |global| is a <a>WorkerGlobalScope</a>, set |url| to |global|'s <a for=WorkerGlobalScope>URL</a>.
-  1. Assert that |url| is a non-null <a for=/>URL</a>.
+  1. Let |global| be |settings object|'s <a for="environment settings object">global object</a>.
+  1. <a>Assert</a>: |global| is a {{Window}} or a {{WorkerGlobalScope}}.
+  1. Let |url| be null.
+  1. If |global| is a {{Window}}, set |url| to |global|'s <a>associated Document</a>'s {{Document/URL}}.
+  1. If |global| is a {{WorkerGlobalScope}}, set |url| to |global|'s <a for=WorkerGlobalScope>URL</a>.
+  1. <a>Assert</a>: |url| a <a for=/>URL</a>.
   1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |url|.
   1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
   1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
@@ -658,7 +644,7 @@ spec:csp3; type:grammar; text:base64-value
 
   ### Integration ### {#integration}
 
-  A <a>policy container</a> has extra items:
+  A <a for=/>policy container</a> has extra items:
 
   * <dfn>integrity policy</dfn>, an <a>integrity policy struct</a>.
   * <dfn>report only integrity policy</dfn>, an <a>integrity policy struct</a>.

From 0c12600aaecec6d761d9c3241f90092af4cd588b Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Tue, 13 May 2025 08:34:37 +0200
Subject: [PATCH 16/19] Make destination a request destination

---
 index.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.bs b/index.bs
index 8dcc92e..2335fa4 100644
--- a/index.bs
+++ b/index.bs
@@ -512,7 +512,7 @@ spec:csp3; type:grammar; text:base64-value
   
   A <dfn>source</dfn> is a string. The only possible value for it is "`inline`".
 
-  A <dfn>destination</dfn> is a string. The only possible value for it is "`script`".
+  A <dfn>destination</dfn> is a <a for=request>destination</a>. The only possible value for it is "`script`".
 
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
 

From 117bb355774575de6ce403b7e91634fe41a03f58 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 14 May 2025 15:15:35 +0200
Subject: [PATCH 17/19] Review comments

---
 index.bs | 85 +++++++++++++++++++++++++++++---------------------------
 1 file changed, 44 insertions(+), 41 deletions(-)

diff --git a/index.bs b/index.bs
index 2335fa4..597f48a 100644
--- a/index.bs
+++ b/index.bs
@@ -512,7 +512,7 @@ spec:csp3; type:grammar; text:base64-value
   
   A <dfn>source</dfn> is a string. The only possible value for it is "`inline`".
 
-  A <dfn>destination</dfn> is a <a for=request>destination</a>. The only possible value for it is "`script`".
+  A <dfn>destination</dfn> is a string. The only possible value for it is "`script`".
 
   An <dfn>integrity policy struct</dfn>, is a <a>struct</a> that contains the following:
 
@@ -520,20 +520,21 @@ spec:csp3; type:grammar; text:base64-value
     * <dfn>blocked destinations</dfn>, a list of <a>destination</a>s, initially empty.
     * <dfn>endpoints</dfn>, a <a for=/>list</a> of strings, initially empty.
 
-  When <dfn>processing an integrity policy</dfn>, with |headers| and |header name|, do the following:
+  When <dfn>processing an integrity policy</dfn>, with a <a for=/>header list</a> |headers|
+  and a <a>header name</a> |headerName|, do the following:
 
-  1. Let |integrity policy| be a new <a>integrity policy struct</a>.
+  1. Let |integrityPolicy| be a new <a>integrity policy struct</a>.
   1. Let |dictionary| be the result of <a>getting a structured field value</a> from |headers|
-     given |header name| and "`dictionary`".
+     given |headerName| and "`dictionary`".
   1. If |dictionary|["`sources`"] does not <a for=list>exist</a> or if its value
      <a for=list>contains</a> "`inline`", <a for=list>append</a> "`inline`" to
-     |integrity policy|'s <a>sources</a>.
+     |integrityPolicy|'s <a>sources</a>.
   1. If |dictionary|["`blocked-destinations`"] <a for=list>exists</a>:
     1. If its value <a for=list>contains</a> "`script`",
-       <a for=list>append</a> "`script`" to |integrity policy|'s <a>blocked destinations</a>.
+       <a for=list>append</a> "`script`" to |integrityPolicy|'s <a>blocked destinations</a>.
   1. If |dictionary|["`endpoints`"] <a for=map>exists</a>:
-    1. Set |integrity policy|'s <a>endpoints</a> to |dictionary|['endpoints'].
-  1. Return |integrity policy|.
+    1. Set |integrityPolicy|'s <a>endpoints</a> to |dictionary|['endpoints'].
+  1. Return |integrityPolicy|.
   
   ### Parse Integrity-Policy headers ### {#parse-integrity-policy-headers-section}
   To <dfn>parse Integrity-Policy headers</dfn>, given a <a for=/>Response</a> |response|
@@ -541,11 +542,13 @@ spec:csp3; type:grammar; text:base64-value
 
   1. Let |headers| be |response|'s <a for=response>header list</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>header name</a> is "`Integrity-Policy`",
+     whose <a>byte-lowercased</a> <a>header name</a>'s <a>isomorphic decode</a>
+     is "`integrity-policy`",
      set |container|'s <a>integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>header name</a> is "`Integrity-Policy-Report-Only`",
+     whose <a>byte-lowercased</a> <a>header name</a>'s <a>isomorphic decode</a>
+     is "`integrity-policy-report-only`",
      set |container|'s <a>report only integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   
@@ -553,28 +556,28 @@ spec:csp3; type:grammar; text:base64-value
   To determine <dfn>should request be blocked by integrity policy</dfn>, given a <a for=/>request</a> |request|,
   do the following:
 
-  1. Let |policy container| be |request|'s <a for=request>policy container</a>.
+  1. Let |policyContainer| be |request|'s <a for=request>policy container</a>.
   1. If |request|'s <a>integrity metadata</a> is not the empty string
-     and |request|'s <a for=request>mode</a> is either "cors" or "same-origin",
+     and |request|'s <a for=request>mode</a> is either "`cors`" or "`same-origin`",
      return "Allowed".
-  1. Let |policy| be |policy container|'s <a>integrity policy</a>.
-  1. Let |report policy| be |policy container|'s <a>report only integrity policy</a>.
-  1. If both |policy| and |report policy| are empty <a>integrity policy struct</a>s, return "Allowed".
+  1. Let |policy| be |policyContainer|'s <a>integrity policy</a>.
+  1. Let |reportPolicy| be |policyContainer|'s <a>report only integrity policy</a>.
+  1. If both |policy| and |reportPolicy| are empty <a>integrity policy struct</a>s, return "Allowed".
   1. Let |global| be |request|'s <a for=request>client</a>'s <a for="environment settings object">global object</a>.
-  1. If |global| is not a {{Window}} nor a {{WorkerGlobalScope}}, return "Allowed".
+  1. If |global| is not a {{Window}} nor a {{WorkerGlobalScope}}, return "`Allowed`".
   1. Let |block| be a boolean, initially false.
-  1. Let |report block| be a boolean, initially false.
+  1. Let |reportBlock| be a boolean, initially false.
   1. If |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
      and |policy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
      set |block| to true.
   1. If |policy|'s <a>sources</a> <a for=list>contains</a> "`inline`"
-     and |report policy|'s <a>blocked destinations</a> <a for=list>contains</a>
+     and |reportPolicy|'s <a>blocked destinations</a> <a for=list>contains</a>
      |request|'s <a for=request>destination</a>,
-     set |report block| to true.
-  1. If |block| or |report block|, <a>report violation</a> with |request|, |block|, |report block|,
-     |policy| and |report policy|.
-  1. If |block|, return "Blocked". Otherwise, return "Allowed".
+     set |reportBlock| to true.
+  1. If |block| is true or |reportBlock| is true, then <a>report violation</a>
+     with |request|, |block|, |reportBlock|, |policy| and |reportPolicy|.
+  1. If |block| is true, then return "`Blocked`"; otherwise "`Allowed`".
  
   ### Report violations ### {#report-violations}
 
@@ -590,57 +593,57 @@ spec:csp3; type:grammar; text:base64-value
   </pre>
 
   To <dfn>report violation</dfn> given a <a for=/>Request</a> |request|, a boolean |block|,
-  a boolean |report block|, an <a>integrity policy struct</a> |policy|,
-  and an <a>integrity policy struct</a> |report policy|, do the following:
+  a boolean |reportBlock|, an <a>integrity policy struct</a> |policy|,
+  and an <a>integrity policy struct</a> |reportPolicy|, do the following:
 
   1. <a>Assert</a>: |request|'s <a for=request>client</a> is not null.
-  1. Let |settings object| be |request|'s <a for=request>client</a>.
-  1. Let |global| be |settings object|'s <a for="environment settings object">global object</a>.
+  1. Let |settingsObject| be |request|'s <a for=request>client</a>.
+  1. Let |global| be |settingsObject|'s <a for="environment settings object">global object</a>.
   1. <a>Assert</a>: |global| is a {{Window}} or a {{WorkerGlobalScope}}.
   1. Let |url| be null.
   1. If |global| is a {{Window}}, set |url| to |global|'s <a>associated Document</a>'s {{Document/URL}}.
   1. If |global| is a {{WorkerGlobalScope}}, set |url| to |global|'s <a for=WorkerGlobalScope>URL</a>.
-  1. <a>Assert</a>: |url| a <a for=/>URL</a>.
-  1. Let |document URL| be the result of <a>strip URL for use in reports</a> on |url|.
-  1. Let |blocked URL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
+  1. <a>Assert</a>: |url| is a <a for=/>URL</a>.
+  1. Let |documentURL| be the result of <a>strip URL for use in reports</a> on |url|.
+  1. Let |blockedURL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
   1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
      1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
                  :   {{IntegrityPolicyViolationReportBody/documentURL}}
-                 ::  |document URL|
+                 ::  |documentURL|
                  :   {{IntegrityPolicyViolationReportBody/blockedURL}}
-                 ::  |blocked URL|
+                 ::  |blockedURL|
                  :   {{IntegrityPolicyViolationReportBody/destination}}
                  ::  |request|'s <a for=request>destination</a>
                  :   {{IntegrityPolicyViolationReportBody/reportOnly}}
                  ::  false
      2. <a>Generate and queue a report</a> with the following arguments:
               :   <var ignore>context</var>
-              ::  |settings object|
+              ::  |settingsObject|
               :   <var ignore>type</var>
-              ::  "integrity-policy-violation"
+              ::  "`integrity-policy-violation`"
               :   <var ignore>destination</var>
               ::  |endpoint|
               :   <var ignore>data</var>
               ::  |body|
-  1. If |report block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
-     1. Let |report body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
+  1. If |reportBlock|, <a for=list>for each</a> |endpoint| in |reportPolicy|'s <a>endpoints</a>:
+     1. Let |reportBody| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
                  :   {{IntegrityPolicyViolationReportBody/documentURL}}
-                 ::  |document URL|
+                 ::  |documentURL|
                  :   {{IntegrityPolicyViolationReportBody/blockedURL}}
-                 ::  |blocked URL|
+                 ::  |blockedURL|
                  :   {{IntegrityPolicyViolationReportBody/destination}}
                  ::  |request|'s <a for=request>destination</a>
                  :   {{IntegrityPolicyViolationReportBody/reportOnly}}
                  ::  true 
      2. <a>Generate and queue a report</a> with the following arguments:
               :   <var ignore>context</var>
-              ::  |settings object|
+              ::  |settingsObject|
               :   <var ignore>type</var>
-              ::  "integrity-policy-violation"
+              ::  "`integrity-policy-violation`"
               :   <var ignore>destination</var>
               ::  |endpoint|
               :   <var ignore>data</var>
-              ::  |report body|
+              ::  |reportBody|
 
   ### Integration ### {#integration}
 
@@ -653,7 +656,7 @@ spec:csp3; type:grammar; text:base64-value
   <a>parse Integrity-Policy headers</a> with <var ignore>response</var> and <var ignore>result</var>.
 
   Expand step 7 of <a>main fetch</a> to call <a>should request be blocked by integrity policy</a>
-  and return a <a>network error</a> if it returns "blocked"
+  and return a <a>network error</a> if it returns "`Blocked`".
 
   # Proxies # {#proxies}
 

From 562969359ef2919aff5a29533727aca27df3bae7 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Wed, 14 May 2025 22:09:06 +0200
Subject: [PATCH 18/19] More fixups

---
 index.bs | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/index.bs b/index.bs
index 597f48a..dad9412 100644
--- a/index.bs
+++ b/index.bs
@@ -541,14 +541,10 @@ spec:csp3; type:grammar; text:base64-value
   and a <a for=/>policy container</a> |container|, do the following:
 
   1. Let |headers| be |response|'s <a for=response>header list</a>.
-  1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>byte-lowercased</a> <a>header name</a>'s <a>isomorphic decode</a>
-     is "`integrity-policy`",
+  1. If |headers| <a for="header list">contains</a> ``integrity-policy``,
      set |container|'s <a>integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
-  1. If |headers| <a for="header list">contains</a> a <a>header</a>
-     whose <a>byte-lowercased</a> <a>header name</a>'s <a>isomorphic decode</a>
-     is "`integrity-policy-report-only`",
+  1. If |headers| <a for="header list">contains</a> ``integrity-policy-report-only``,
      set |container|'s <a>report only integrity policy</a> be the result of running
      <a>processing an integrity policy</a> with the corresponding <a>header value</a>.
   
@@ -606,7 +602,7 @@ spec:csp3; type:grammar; text:base64-value
   1. <a>Assert</a>: |url| is a <a for=/>URL</a>.
   1. Let |documentURL| be the result of <a>strip URL for use in reports</a> on |url|.
   1. Let |blockedURL| be the result of <a>strip URL for use in reports</a> on |request|'s <a for=request>URL</a>.
-  1. If |block|, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
+  1. If |block| is true, <a for=list>for each</a> |endpoint| in |policy|'s <a>endpoints</a>:
      1. Let |body| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
                  :   {{IntegrityPolicyViolationReportBody/documentURL}}
                  ::  |documentURL|
@@ -625,7 +621,7 @@ spec:csp3; type:grammar; text:base64-value
               ::  |endpoint|
               :   <var ignore>data</var>
               ::  |body|
-  1. If |reportBlock|, <a for=list>for each</a> |endpoint| in |reportPolicy|'s <a>endpoints</a>:
+  1. If |reportBlock| is true, <a for=list>for each</a> |endpoint| in |reportPolicy|'s <a>endpoints</a>:
      1. Let |reportBody| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
                  :   {{IntegrityPolicyViolationReportBody/documentURL}}
                  ::  |documentURL|

From 6b7e05d9232d7aab03afb162378007a72e501eb5 Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav.weiss@shopify.com>
Date: Fri, 16 May 2025 14:14:10 +0200
Subject: [PATCH 19/19] Link to reporting params

---
 index.bs | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/index.bs b/index.bs
index dad9412..f52cecd 100644
--- a/index.bs
+++ b/index.bs
@@ -613,13 +613,13 @@ spec:csp3; type:grammar; text:base64-value
                  :   {{IntegrityPolicyViolationReportBody/reportOnly}}
                  ::  false
      2. <a>Generate and queue a report</a> with the following arguments:
-              :   <var ignore>context</var>
+              :   <a for="generate and queue a report"><i>context</i></a>
               ::  |settingsObject|
-              :   <var ignore>type</var>
+              :   <a for="generate and queue a report"><i>type</i></a>
               ::  "`integrity-policy-violation`"
-              :   <var ignore>destination</var>
+              :   <a for="generate and queue a report"><i>destination</i></a>
               ::  |endpoint|
-              :   <var ignore>data</var>
+              :   <a for="generate and queue a report"><i>data</i></a>
               ::  |body|
   1. If |reportBlock| is true, <a for=list>for each</a> |endpoint| in |reportPolicy|'s <a>endpoints</a>:
      1. Let |reportBody| be a new {{IntegrityPolicyViolationReportBody}}, initialized as follows:
@@ -632,13 +632,13 @@ spec:csp3; type:grammar; text:base64-value
                  :   {{IntegrityPolicyViolationReportBody/reportOnly}}
                  ::  true 
      2. <a>Generate and queue a report</a> with the following arguments:
-              :   <var ignore>context</var>
+              :   <a for="generate and queue a report"><i>context</i></a>
               ::  |settingsObject|
-              :   <var ignore>type</var>
+              :   <a for="generate and queue a report"><i>type</i></a>
               ::  "`integrity-policy-violation`"
-              :   <var ignore>destination</var>
+              :   <a for="generate and queue a report"><i>destination</i></a>
               ::  |endpoint|
-              :   <var ignore>data</var>
+              :   <a for="generate and queue a report"><i>data</i></a>
               ::  |reportBody|
 
   ### Integration ### {#integration}