CREDENTIAL: Tweak the opaque rules.

mikewest · mikewest · commit cb75a47ea764 · 2015-09-02T12:30:09.000+02:00
diff --git a/specs/credentialmanagement/index.src.html b/specs/credentialmanagement/index.src.html
@@ -75,8 +75,14 @@ <h1>Credential Management Level 1</h1>
     text: RequestInfo
     text: Response
     text: Request
+    text: Body
   type: method
     text: fetch(); url: dom-global-fetch
+    text: arrayBuffer(); for: Body; dom-Body-arrayBuffer
+    text: blob(); for: Body; dom-Body-blob
+    text: formData(); for: Body; dom-Body-formData
+    text: json(); for: Body; dom-Body-json
+    text: text(); for: Body; dom-Body-text
   type: constructor
     text: Request(); url: dom-request
     text: Response(); url: dom-response
@@ -988,73 +994,71 @@ <h5 id="monkey-patching-xhr-3">XHR: <code>FormData</code>'s <code>getAll()</code
     </li>
   </ol>
 
-  <h5 id="monkey-patching-fetch-1">Fetch: <code>Request</code> objects</h5>
+  <h5 id="monkey-patching-fetch-1">Fetch: <code>Body</code> objects</h5>
 
-  Add a new <dfn>opaque request flag</dfn> to Fetch's {{Request}} objects. This
-  flag is unset unless otherwise specified.
+  Add a new <dfn attribute for="Body">opaque flag</dfn> to Fetch's {{Body}}
+  interface. This flag is unset unless otherwise specified.
 
-  <h5 id="monkey-patching-fetch-2">Fetch: <code>Request</code>'s constructor</h5>
+  Replace the {{Body/arrayBuffer()}} method's definition with:
 
-  Add the following step after step 3 of step 17 of Fetch's {{Request()}}
-  constructor:
+  1.  If the <a attribute for="Body">opaque flag</a> is set, return a
+      <code>Promise</code> rejected with a <code>TypeError</code>.
 
-  <ol>
-    <li>
-      If <var>init</var>'s <code>body</code> member is a {{FormData}} object
-      whose <a>opaque flag</a> is set, set <var>r</var>'s <strong>opaque
-      flag</strong>.
-    </li>
-  </ol>
+  2.  Return the result of running <a>consume body</a> with
+      <var>ArrayBuffer</var>.
 
-  <h5 id="monkey-patching-fetch-3">Fetch: <code>Body</code>'s <code>consume body</code></h5>
+  Replace the {{Body/blob()}} method's definition with:
 
-  Insert the following step after step 2 of step 3 of Fetch's <a>consume
-  body</a> algorithm:
+  1.  If the <a attribute for="Body">opaque flag</a> is set, return a
+      <code>Promise</code> rejected with a <code>TypeError</code>.
 
-  <ol start="3">
-    <li>
-      If <var>object</var>'s <a>opaque request flag</a> is set, set
-      <var>stream</var> to an empty byte sequence.
-    </li>
-  </ol>
+  2.  Return the result of running <a>consume body</a> with
+      <var>Blob</var>.
 
-  <h5 id="monkey-patching-fetch-4">Fetch: Extract a byte stream</h5>
+  Replace the {{Body/formData()}} method's definition with:
 
-  Redefine the {{FormData}} case of Fetch's <a lt="extract">extract a byte
-  stream and <code>Content-Type</code></a> algorithm as follows:
+  1.  If the <a attribute for="Body">opaque flag</a> is set, return a
+      <code>Promise</code> rejected with a <code>TypeError</code>.
 
-  <ol>
-    <li>
-      If <var>object</var>'s <a>opaque flag</a> is <strong>not</strong> set,
-      or if the extraction algorithm is being executed in the context of
-      {{XMLHttpRequest}}'s {{XMLHttpRequest/send()}} method or Fetch's
-      {{Request()}} constructor, then:
+  2.  Return the result of running <a>consume body</a> with
+      <var>FormData</var>.
 
-      <ol>
-        <li>
-          Push the result of running the multipart/form-data encoding algorithm, with object as form data set and with utf-8 as the explicit character encoding, to stream.
-        </li>
-        <li>
-          Set Content-Type to `multipart/form-data;boundary=`, followed by the multipart/form-data boundary string generated by the multipart/form-data encoding algorithm.
-        </li>
-      </ol>
+  Replace the {{Body/json()}} method's definition with:
 
-    </li>
-    <li>
-      Otherwise, set <var>Content-Type</var> to <code>text/plain;charset=UTF-8</code>.
+  1.  If the <a attribute for="Body">opaque flag</a> is set, return a
+      <code>Promise</code> rejected with a <code>TypeError</code>.
+
+  2.  Return the result of running <a>consume body</a> with
+      <var>JSON</var>.
+
+  Replace the {{Body/text()}} method's definition with:
+
+  1.  If the <a attribute for="Body">opaque flag</a> is set, return a
+      <code>Promise</code> rejected with a <code>TypeError</code>.
 
-      Note: In this case (e.g. <var>object</var> is opaque
-      and the algorithm isn't being executed as a result of
-      <code>XHR.send()</code>), <var>stream</var> will remain an empty byte
-      stream.
+  2.  Return the result of running <a>consume body</a> with
+      <var>text</var>.
+
+  Note: We reject each of the accessor methods' <code>Promise</code>s, which
+  which means that the body remains unconsumed.
+
+  <h5 id="monkey-patching-fetch-2">Fetch: <code>Request</code>'s constructor</h5>
+
+  Perform the following after step 33 of the current {{Request()}} constructor:
+
+  <ol start="34">
+    <li>
+      If <var>init</var>'s body member is a {{FormData}} object whose <a>opaque
+      flag</a> is set, or <var>input</var>'s <a attribute for="Body">opaque
+      flag</a> is set, set <var>r</var>'s <a attribute for="Body">opaque
+      flag</a>.
     </li>
   </ol>
 
   <h5 id="monkey-patching-serviceworkers-1">Service Worker: Handle a Fetch</h5>
 
-  ISSUE: Figure out the right way to monkey-patch Service Worker's
-  <a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#handle-a-fetch">Handle a Fetch</a>
-  algorithm to do the right thing with opaque requests.
+  ISSUE: Currently, we're not protecting requests with opaque bodies from
+  Service Worker interception. Should we?
 </section>
 
 <!--
