Add the manifest link relation

This integrates the manifest link relation into the HTML Standard, using
its existing link-fetching machinery to replace what was previously in
https://w3c.github.io/manifest/#manifest-life-cycle. This includes the
following changes from those algorithms:

* It sets the request's client.
* It respects the nonce="", integrity="", and referrerpolicy=""
  attributes.
* It causes non-ok status responses to fail, instead of processing the
  response body anyway.
* It sets the use-URL-credentials flag.
* It changes the handling of the crossorigin="" attribute to be
  consistent with the modulepreload link relation, with a default of
  "same-origin" instead of "omit".

Co-authored-by: Domenic Denicola <d@domenic.me>
Co-authored-by: Marcos Cáceres <mcaceres@mozilla.com>

source

@@ -3976,6 +3976,18 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      <li><dfn data-x-href="https://storage.spec.whatwg.org/#legacy-clone-a-browsing-session-storage-shed">legacy-clone a browsing session storage shed</dfn></li>
     </ul>
    </dd>
+
+   <dt>Web App Manifest</dt>
+
+   <dd>
+    <p>The following features are defined in <cite>Web App Manifest</cite>: <ref spec=MANIFEST></p>
+
+    <ul class="brief">
+     <li><dfn data-x-href="https://w3c.github.io/manifest/#dfn-manifest">application manifest</dfn></li>
+     <li><dfn data-x-href="https://w3c.github.io/manifest/#dfn-installed-web-application">installed web application</dfn></li>
+     <li><dfn data-x-href="https://w3c.github.io/manifest/#dfn-processing-a-manifest">process the manifest</dfn></li>
+    </ul>
+   </dd>
   </dl>
 
   <hr>
@@ -6676,13 +6688,14 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   <p>The majority of fetches governed by <span data-x="CORS settings attribute">CORS settings
   attributes</span> will be done via the <span>create a potential-CORS request</span> algorithm.</p>
 
-  <p>For <span data-x="module script">module scripts</span>, certain <span data-x="CORS settings
-  attribute">CORS settings attributes</span> have been repurposed to have a slightly different
-  meaning, wherein they only impact the <span data-x="concept-request">request</span>'s <span
-  data-x="concept-request-credentials-mode">credentials mode</span> (since the <span
-  data-x="concept-request-mode">mode</span> is always "<code data-x="">cors</code>"). To perform
-  this translation, we define the <dfn>module script credentials mode</dfn> for a given <span>CORS
-  settings attribute</span> to be determined by switching on the attribute's state:</p>
+  <p id="module-script-credentials-mode">For more modern features, where the request's <span
+  data-x="concept-request-mode">mode</span> is always "<code data-x="">cors</code>", certain <span
+  data-x="CORS settings attribute">CORS settings attributes</span> have been repurposed to have a
+  slightly different meaning, wherein they only impact the <span
+  data-x="concept-request">request</span>'s <span
+  data-x="concept-request-credentials-mode">credentials mode</span>. To perform this translation, we
+  define the <dfn>CORS settings attribute credentials mode</dfn> for a given <span>CORS settings
+  attribute</span> to be determined by switching on the attribute's state:</p>
 
   <dl class="switch">
    <dt><span data-x="attr-crossorigin-none">No CORS</span></dt>
@@ -13151,6 +13164,7 @@ interface <dfn>HTMLLinkElement</dfn> : <span>HTMLElement</span> {
   <code data-x="rel-alternate">alternate</code>,
   <code data-x="rel-dns-prefetch">dns-prefetch</code>,
   <code data-x="rel-icon">icon</code>,
+  <code data-x="rel-manifest">manifest</code>,
   <code data-x="rel-modulepreload">modulepreload</code>,
   <code data-x="rel-next">next</code>,
   <code data-x="rel-pingback">pingback</code>,
@@ -23838,6 +23852,14 @@ document.body.appendChild(wbr);</code></pre>
      <td>Imports an icon to represent the current document.</td>
     </tr>
 
+    <tr>
+     <td><code data-x="rel-manifest">manifest</code></td>
+     <td><span data-x="external resource link">External Resource</span></td>
+     <td colspan="2"><em>not allowed</em></td>
+     <td class="no"> &middot; </td>
+     <td>Imports or links to an <span>application manifest</span>. <ref spec=MANIFEST></td>
+    </tr>
+
     <tr>
      <td><code data-x="rel-modulepreload">modulepreload</code></td>
      <td><span data-x="external resource link">External Resource</span></td>
@@ -24441,6 +24463,72 @@ document.body.appendChild(wbr);</code></pre>
   </div>
 
 
+  <h5>Link type "<dfn><code data-x="rel-manifest">manifest</code></dfn>"</h5>
+
+  <p>The <code data-x="rel-manifest">manifest</code> keyword may be used with <code>link</code> elements.
+  This keyword creates an <span data-x="external resource link">external resource link</span>.</p>
+
+  <p>The <code data-x="rel-manifest">manifest</code> keyword indicates the manifest file that provides
+  metadata associated with the current document.</p>
+
+  <div w-nodev>
+
+  <p>There is no default type for resources given by the <code data-x="rel-manifest">manifest</code>
+  keyword.</p>
+
+  <p>The appropriate time to <span>fetch and process the linked resource</span> for this link type
+  is when the user agent deems it necessary. For example, when the user chooses to <span
+  data-x="installed web application">install the web application</span>. In that case, only the
+  first <code>link</code> element in <span>tree order</span> whose <code
+  data-x="attr-link-rel">rel</code> attribute contains the token <code
+  data-x="rel-manifest">manifest</code> may be used.</p>
+
+  <p>A user agent must not <span>delay the load event</span> for this link type.</p>
+
+  <p>The <span>linked resource fetch setup steps</span> for this type of linked resource, given a
+  <code>link</code> element <var>el</var> and <span data-x="concept-request">request</span>
+  <var>request</var>, are:</p>
+
+  <ol>
+   <li><p>Let <var>context</var> be <var>el</var>'s <span>node document</span>'s <span
+   data-x="concept-document-bc">browsing context</span>.</p></li>
+
+   <li><p>If <var>context</var> is null, then return false.</p></li>
+
+   <li><p>If <var>context</var> is not a <span>top-level browsing context</span>, then return
+   false.</p></li>
+
+   <li><p>Set <var>request</var>'s <span data-x="concept-request-initiator">initiator</span> to
+   "<code data-x="">manifest</code>".</p></li>
+
+   <li><p>Set <var>request</var>'s <span data-x="concept-request-destination">destination</span> to
+   "<code data-x="">manifest</code>".</p></li>
+
+   <li><p>Set <var>request</var>'s <span data-x="concept-request-mode">mode</span> to "<code
+   data-x="">cors</code>".</p></li>
+
+   <li><p>Set <var>request</var>'s <span data-x="concept-request-credentials-mode">credentials
+   mode</span> to the <span>CORS settings attribute credentials mode</span> for <var>el</var>'s
+   <code data-x="attr-link-crossorigin">crossorigin</code> content attribute.</p></li>
+
+   <li><p>Return true.</p></li>
+  </ol>
+
+  <p>To <span data-x="process the linked resource">process this type of linked resource</span> given
+  a <code>link</code> element <var>el</var>, boolean <var>success</var>, and <span
+  data-x="concept-response">response</span> <var>response</var>:</p>
+
+  <ol>
+   <li><p>If <var>response</var>'s <span data-x="Content-Type">Content-Type metadata</span> is not a
+   <span>JSON MIME type</span>, then set <var>success</var> to false.</p></li>
+
+   <li><p>If <var>success</var> is true, then <span>process the manifest</span> given <var>el</var>
+   and <var>response</var>. <ref spec=MANIFEST></p></li>
+  </ol>
+
+  </div>
+
+
   <h5>Link type "<dfn><code data-x="rel-modulepreload">modulepreload</code></dfn>"</h5>
 
   <p>The <code data-x="rel-modulepreload">modulepreload</code> keyword may be used with
@@ -24521,8 +24609,8 @@ document.body.appendChild(wbr);</code></pre>
    <li><p>Let <var>settings object</var> be the <code>link</code> element's <span>node
    document</span>'s <span>relevant settings object</span>.</p></li>
 
-   <li><p>Let <var>credentials mode</var> be the <span>module script credentials mode</span> for the
-   <code data-x="attr-link-crossorigin">crossorigin</code> attribute.</p></li>
+   <li><p>Let <var>credentials mode</var> be the <span>CORS settings attribute credentials
+   mode</span> for the <code data-x="attr-link-crossorigin">crossorigin</code> attribute.</p></li>
 
    <li><p>Let <var>cryptographic nonce</var> be the current value of the element's
    <span>[[CryptographicNonce]]</span> internal slot.</p></li>
@@ -57863,9 +57951,9 @@ o............A....e
    <li><p>Let <var>classic script CORS setting</var> be the current state of the element's <code
    data-x="attr-script-crossorigin">crossorigin</code> content attribute.</p></li>
 
-   <li><p>Let <var>module script credentials mode</var> be the <span>module script credentials
-   mode</span> for the element's <code data-x="attr-script-crossorigin">crossorigin</code> content
-   attribute.</p>
+   <li><p>Let <var>module script credentials mode</var> be the <span>CORS settings attribute
+   credentials mode</span> for the element's <code
+   data-x="attr-script-crossorigin">crossorigin</code> content attribute.</p>
 
    <li><p>Let <var>cryptographic nonce</var> be the element's <span>[[CryptographicNonce]]</span>
    internal slot's value.</p></li>
@@ -121845,6 +121933,9 @@ INSERT INTERFACES HERE
    <dt id="refsMAILTO">[MAILTO]</dt>
    <dd>(Non-normative) <cite><a href="https://tools.ietf.org/html/rfc6068">The 'mailto' URI scheme</a></cite>, M. Duerst, L. Masinter, J. Zawinski. IETF.</dd>
 
+   <dt id="refsMANIFEST">[MANIFEST]</dt>
+   <dd><cite><a href="https://www.w3.org/TR/appmanifest/">Web App Manifest</a></cite>, M. Caceres, K. Rohde Christiansen, M. Lamouri, A. Kostiainen, M. Giuca, A. Gustafson. W3C.</dd>
+
    <dt id="refsMATHML">[MATHML]</dt>
    <dd><cite><a href="https://www.w3.org/Math/draft-spec/">Mathematical Markup Language (MathML)</a></cite>, D. Carlisle, P. Ion, R. Miner. W3C.</dd>