diff --git a/spec/index.bs b/spec/index.bs index dacb621c..e900862b 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -354,6 +354,26 @@ value |value|: +### Infrastructure algorithm ### {#infra-algorithm} + +
+An [=environment settings object=] (|settings|) is same-site with its + ancestors if the following algorithm returns `true`: + +1. If |settings|'s [=relevant global object=] has no [=associated Document=], + return `false`. +1. Let |document| be |settings|' [=relevant global object=]'s [=associated Document=]. +1. If |document| has no [=Document/browsing context=], return `false`. +1. Let |origin| be |settings|' [=environment settings object/origin=]. +1. Let |navigable| be |document|'s [=node navigable=]. +1. While |navigable| has a non-null [=navigable/parent=]: + 1. Set |navigable| to |navigable|'s [=navigable/parent=]. + 1. If |navigable|'s [=active document=]'s [=Document/origin=] is not + [=/same site=] with |origin|, return `false`. +1. Return `true`. + +
+ ### HTTP header API ### {#login-status-http} [=IDPs=] can set the login status using an HTTP [=response=] [=header=] as follows. @@ -366,14 +386,15 @@ be the result of [=get a structured field value=] from the response's header list with name "Set-Login" and type "`item`". If |value| is not null, process this header as follows: +
1. Let |origin| be the response's [=response/URL=]'s [=/origin=]. 1. Let |client| be the [=/request=]'s [=request/client=]. 1. If the request's [=request/destination=] is not `"document"`: 1. If |client| is null, return. - 1. If |origin| is not [=same origin=] with the [=/request=]'s + 1. If |origin| is not [=/same site=] with the [=/request=]'s [=request/origin=], return. - 1. If |client| is not [=same-origin with its ancestors=], return. + 1. If |client| is not [=same-site with its ancestors=], return. 1. Assert that |value| is a tuple. 1. Let |token| be the first entry of |value|. 1. If |token| is `"logged-in"`, [=set the login status=] for |origin| @@ -406,7 +427,7 @@ partial interface Navigator {
When {{NavigatorLogin/setStatus()}} is called with argument |status|: -1. If the [=current settings object=] is not [=same-origin with its ancestors=], +1. If the [=current settings object=] is not [=same-site with its ancestors=], throw a {{SecurityError}} {{DOMException}}. 1. Let |origin| be the [=current settings object=]'s [=environment settings object/origin=].
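Review bot: In the `@@ -354,6 +354,26 @@` hunk, step 3 guards on |document| having a [=Document/browsing context=], but steps 5 and 6 then walk |document|'s [=node navigable=] and its [=navigable/parent=], so the null case the loop depends on is never checked directly. Suggest guarding on what the loop uses (return `false` if |document|'s [=node navigable=] is null), or adding a sentence saying why the browsing-context check is sufficient. Two smaller points in the same hunk: the possessive alternates between `|settings|'s` (step 1) and `|settings|'` (steps 2 and 4), and the heading "Infrastructure algorithm" does not name the concept being defined, so a heading that mentions same-site ancestors would be easier to find and link.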
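Review bot: In the `@@ -366,14 +386,15 @@` hunk, the non-document branch now only requires |origin| to be [=/same site=] with the [=/request=]'s [=request/origin=], while the status is still set for |origin|, the response URL's origin, and the hunk carries no note that this widening is intended. After the change, a `Set-Login` header on a subresource response is honoured when the request came from a document on a different origin within the same site, which the previous [=same origin=] check rejected. Suggest a non-normative note beside these steps, or text in the security considerations, stating that same-site cross-origin requesters are now accepted and why that is acceptable for the login status of |origin|.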
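Review bot: In the `@@ -406,7 +427,7 @@` hunk, step 1 of {{NavigatorLogin/setStatus()}} now throws only when an ancestor is cross-site, so a frame whose ancestors are same-site but cross-origin goes from a {{SecurityError}} to a successful write for its own origin; that is a web-observable change and nothing next to the step records it. Suggest a short note at step 1 explaining the same-site rule and pointing at the new definition. Since this patch replaces both references to [=same-origin with its ancestors=] visible in the diff, it is also worth checking whether anything in `spec/index.bs` still uses that term.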