Commit 67a423f

clelland authored and annevk committed
Integrate Feature Policy: "sync-xhr"
This adds a policy-controlled feature, named 'sync-xhr', which can be disabled in a document to turn off synchronous requests for that document (and documents in all descendant frames). Calling send() on a synchronous request in a document where "sync-xhr" is disabled will result in a "NetworkError" DOMException exception being thrown.

Caveat: whatwg/html#3287 which redefines "allowed to use" in HTML to be more like https://wicg.github.io/feature-policy/#allowed-to-use has not yet landed. If that takes significant time we should add a note to its usage here.

Tests: xhr/xmlhttprequest-sync-default-feature-policy.sub.html in web-platform-tests.

Fixes #178.
1 parent c6583e9 commit 67a423f

xhr.bs

Lines changed: 15 additions & 2 deletions
@@ -136,12 +136,13 @@ community.
136136
<h2 id=terminology>Terminology</h2>
137137

138138
<p>This specification uses terminology, cross-linked throughout, from DOM,
139-
DOM Parsing and Serialization, Encoding, Fetch, File API, HTML, HTTP, URL, Web IDL, and
140-
XML.
139+
DOM Parsing and Serialization, Encoding, Feature Policy, Fetch, File API, HTML,
140+
HTTP, URL, Web IDL, and XML.
141141

142142
[[!DOM]]
143143
[[!DOMPS]]
144144
[[!ENCODING]]
145+
[[!FEATURE-POLICY]]
145146
[[!FETCH]]
146147
[[!FILEAPI]]
147148
[[!HTML]]
@@ -998,6 +999,11 @@ method must run these steps:
998999
<p>Otherwise, if the <a>synchronous flag</a> is set, run these substeps:
9991000

10001001
<ol>
1002+
<li><p>If <a>context object</a>'s <a>relevant settings object</a> has a
1003+
<a>responsible document</a> which is <em>not</em> <a>allowed to use</a> the
1004+
"<code><a>sync-xhr</a></code>" feature, then run <a>handle response end-of-body</a> for a
1005+
<a>network error</a> and return.
1006+
10011007
<li>
10021008
<p>Let <var>response</var> be the result of
10031009
<a for=/>fetching</a> <var>req</var>.
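Review bot: The new first substep (added lines 1002-1005) links <a>allowed to use</a> without saying which definition it relies on, while the commit message itself notes that HTML's definition has not yet been aligned with Feature Policy's (whatwg/html#3287). I would add the note now rather than later, so readers know the step is meant to follow the Feature Policy definition until that change lands. Two smaller points on the same step: the check only fires when the relevant settings object "has a responsible document", so any context without one goes straight on to fetching with no policy check, and if that is intended it deserves a sentence. Also, the commit message promises a "NetworkError" DOMException, but the step text only says to run <a>handle response end-of-body</a> for a <a>network error</a> and return. A short note that this is what causes send() to throw would make the author-visible behaviour clear without having to follow the link.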
@@ -2007,6 +2013,12 @@ attributes initialized to false, so it is suggested that for consistency all
20072013
{{ProgressEvent}} interface do the same.
20082014

20092015

2016+
<h3 id=feature-policy-integration>Feature Policy Integration</h3>
2017+
2018+
<p>This specification defines a <a>policy-controlled feature</a> identified by the string
2019+
"<code><dfn>sync-xhr</dfn></code>". Its <a>default allowlist</a> is <code>*</code>.
2020+
2021+
20102022
<h3 id=security-considerations>Security Considerations</h3>
20112023

20122024
<p>For cross-origin requests some kind of opt-in, e.g. the
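Review bot: The new "Feature Policy Integration" section (added lines 2016-2019) names the "sync-xhr" feature and gives its default allowlist of *, but never says what the feature controls. A reader landing on the <dfn> has to find the send() substep to learn that disabling it makes synchronous requests fail with a network error. Suggest one sentence here describing that effect and pointing back to send(), and noting that, per the commit message, the restriction also applies to documents in descendant frames. Since the default allowlist is *, it is also worth stating that synchronous requests keep working everywhere unless a document explicitly disables the feature.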
@@ -2100,6 +2112,7 @@ Hallvord R. M. Steen,
21002112
Henri Sivonen,
21012113
Hiroshige Hayashizaki,
21022114
Huub Schaeks,
2115+
Ian Clelland,
21032116
Ian Davis,
21042117
Ian Hickson,
21052118
Ivan Herman,
