Expose TAO-origin check

Required for whatwg#1221 Blocks whatwg/html#7531 Closes whatwg#1421
noamr · Mar 29, 2022 · 090a930 · 090a930
1 parent 92b3578
commit 090a930
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/fetch.bs b/fetch.bs
@@ -6030,14 +6030,29 @@ agent's <a>CORS-preflight cache</a> for which there is a <a>cache entry match</a
  <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>basic</code>", then
  return success.
 
+ <li><p>Let <var>origin</var> be null if <var>request</var> has a
+ <a for=request>redirect-tainted origin</a>, <var>request</var>'s <a for=request>origin</a>
+ otherwise.
+
+ <li><p>Return the result of perorming a <a>TAO origin check</a> given <var>origin</var> and
+ <var>response</var>.
+
+</ol>
+
+<p>To perorm a <dfn export>TAO origin check</dfn> for a null or <span>origin</span>
+<var>origin</var> and a <span>response</span> <var>response</var>, run these steps:
+
+<ol>
  <li><p>Let <var>values</var> be the result of
  <a for="header list">getting, decoding, and splitting</a> `<code>Timing-Allow-Origin</code>` from
  <var>response</var>'s <a for=response>header list</a>.
 
  <li><p>If <var>values</var> <a for=list>contains</a> "<code>*</code>", then return success.
 
+ <li><p>If <var>origin</var> is null, then return failure.
+
  <li><p>If <var>values</var> <a for=list>contains</a> the result of
- <a>serializing a request origin</a> with <var>request</var>, then return success.
+ <a lt="ASCII serialization of an origin">serializing</a> <var>origin</var>, then return success.
 
  <li><p>Return failure.
 </ol>