Skip to content

Commit

Permalink
same domain
Browse files Browse the repository at this point in the history
  • Loading branch information
npm1 committed Oct 4, 2023
1 parent f7d867e commit 4e68628
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -1168,8 +1168,8 @@ To <dfn>fetch request</dfn> given a [=/request=] |request|, |globalObject|, and

<div algorithm>
When <dfn>computing the manifest URL</dfn> given an {{IdentityProviderConfig}} |provider|, a
[=string=] |manifestString|, and |globalObject|, perform the following steps. This returns a
<a spec=url for=/>URL</a> or failure.
[=string=] |manifestString|, a boolean |requireSameOrigin|, and |globalObject|, perform the
following steps. This returns a <a spec=url for=/>URL</a> or failure.
1. Let |configUrl| be the result of running [=parse url=] with |provider|'s
{{IdentityProviderConfig/configURL}} and |globalObject|.
1. Let |manifestUrl| be the result of running [=parse url=] given |manifestString| (the relative
Expand All @@ -1180,7 +1180,10 @@ When <dfn>computing the manifest URL</dfn> given an {{IdentityProviderConfig}} |
allowed.

1. If |manifestUrl| is failure, return failure.
1. If |manifestUrl| is not [=same origin=] with |configUrl|, return failure.
1. If |requireSameOrigin| and |manifestUrl| is not [=same origin=] with |configUrl|, return
failure.
1. If |requireSameOrigin| is false and |manifestUrl|'s <a spec=url>domain</a> is not equal to
|configUrl|'s, return failure.
1. If |manifestUrl| is not a [=potentially trustworthy URL=], return failure.
1. Return |manifestUrl|.
</div>
Expand Down

0 comments on commit 4e68628

Please sign in to comment.