@@ -2215,20 +2215,23 @@ Content-Type: application/reports+json
22152215 1. Let |name| be the result of executing
22162216 [[#effective-directive-for-a-request]] on |request|.
22172217
2218- 2 . If the result of executing [[#should-directive-execute]] on |name|,
2218+ 1 . If the result of executing [[#should-directive-execute]] on |name|,
22192219 `connect-src` and |policy| is "`No`", return "`Allowed`".
22202220
2221- 3. If the result of executing [[#match-request-to-source-list]] on
2222- |request|, this directive's <a for="directive">value</a> , and
2223- |policy|, is "`Matches`", return "`Allowed`".
2221+ 1. Let |source list| be directive's <a for="directive">value</a> .
22242222
2225- 4. If |request|'s [=request/mode=] is "`webtransport`", |request|' s
2226- <a for="request">unsafe-webtransport-hashes flag</a> is set, and
2227- the result of executing [[#allow-unsafe-webtransport-hashes]]
2228- on this directive's <a for="directive">value</a> , is "`Matches`",
2229- return "`Allowed`".
2223+ 1. If the result of executing [[#match-request-to-source-list]] on
2224+ |request|, |source list|, and |policy|, is "`Matches`", return
2225+ "`Allowed`".
2226+
2227+ 1. If |request|'s [=request/mode=] is "`webtransport`", |request|' s
2228+ <a for="request">unsafe-webtransport-hashes</a> is not empty, and
2229+ |source list| [=list/contains=] a <a>source expression</a> which
2230+ is an <a>ASCII case-insensitive</a> match for the
2231+ <a grammar>`keyword-source`</a>
2232+ "<a grammar>`'unsafe-webtransport-hashes'`</a> ", return "`Allowed`".
22302233
2231- 5 . Return "`Blocked`".
2234+ 1 . Return "`Blocked`".
22322235
22332236 <h5 algorithm id="connect-src-post-request">
22342237 `connect-src` Post-request check
@@ -2242,14 +2245,23 @@ Content-Type: application/reports+json
22422245 1. Let |name| be the result of executing
22432246 [[#effective-directive-for-a-request]] on |request|.
22442247
2245- 2 . If the result of executing [[#should-directive-execute]] on |name|,
2248+ 1 . If the result of executing [[#should-directive-execute]] on |name|,
22462249 `connect-src` and |policy| is "`No`", return "`Allowed`".
22472250
2248- 3. If the result of executing [[#match-response-to-source-list]] on
2249- |response|, |request|, this directive's <a for="directive">value</a> ,
2250- and |policy|, is "`Does Not Match`", return "`Blocked`".
2251+ 1. Let |source list| be directive's <a for="directive">value</a> .
22512252
2252- 4. Return "`Allowed`".
2253+ 1. If the result of executing [[#match-response-to-source-list]] on
2254+ |response|, |request|, |source list|, and |policy|, is "`Matches`",
2255+ return "`Allowed`".
2256+
2257+ 1. If |request|'s [=request/mode=] is "`webtransport`", |request|' s
2258+ <a for="request">unsafe-webtransport-hashes</a> is not empty, and
2259+ |source list| [=list/contains=] a <a>source expression</a> which
2260+ is an <a>ASCII case-insensitive</a> match for the
2261+ <a grammar>`keyword-source`</a>
2262+ "<a grammar>`'unsafe-webtransport-hashes'`</a> ", return "`Allowed`".
2263+
2264+ 1. Return "`Blocked`".
22532265
22542266 <h4 id="directive-default-src">`default-src`</h4>
22552267
0 commit comments