2.1.16 Section 7.1.7, Generic Cross-Origin Request Algorithms

  • Article

V0016

The specification states:

Whenever the make a request steps are applied, fetch the request URL from origin source origin using referrer source as override referrer source with the manual redirect flag set, and the block cookies flag set if the omit credentials flag is set. Use method request method, entity body request entity body, including the author request headers, and include user credentials if the omit credentials flag is unset. 

Whenever the redirect steps are applied, follow this set of steps:

1.  Let original URL be the request URL.
  
2.  Let request URL be the URL conveyed by the Location header in the redirect response.
 
 
3.  If the request URL <scheme> is not supported, infinite loop precautions are violated, or the user agent does not wish to make the new request for some other reason, apply the network error steps. 
 
 
4.  If the request URL contains the userinfo production apply the network error steps.
 
 
5.  If the resource sharing check for the current resource returns fail, apply the network error steps. 
 
 
6.  If the request URL origin is not same origin with the original URL origin, set source origin to a globally unique identifier (becomes "null" when transmitted). 
 
 
7.  Transparently follow the redirect while observing the set of request rules. 

 Whenever the abort steps are applied, terminate the algorithm that invoked this set of steps and set the cross-origin request status to abort error.
  
 Whenever the network error steps are applied, terminate the algorithm that invoked this set of steps and set the cross-origin request status to network error.
  
 Note: This has no effect on setting of user credentials. I.e. if the block cookies flag is unset, cookies will be set by the response. 
 
 
 Whenever the cache and network error steps are applied, follow these steps:

1.  Remove the entries in the preflight result cache where origin field value is a case-sensitive match for source origin and url field value is a case-sensitive match for request URL.

2.  Apply the network error steps acting as if the algorithm that invoked the cache and network error steps invoked the network error steps instead.

 There is a cache match when there is a cache entry in the preflight result cache for which the following is true:

§   The origin field value is a case-sensitive match for source origin.
§   The url field value is a case-sensitive match for request URL.
§   The credentials field value is true and the omit credentials flag is unset, or it is false and the omit credentials flag is set. 

 There is a method cache match when there is a cache entry for which there is a cache match and the method field value is a case-sensitive match for the given method.
  
 There is a header cache match when there is a cache entry for which there is a cache match and the header field value is an ASCII case-insensitive match for the given header field name.

IE8 Mode, IE9 Mode, and IE10 Mode (All Versions)

The redirect origin check, method cache, header cache, preflight cache checks, and updates are not supported.