HTML Standard Tracker

SVN | Bug | Comment | Time (UTC)
4011 | 7599 | Synchronise with the latest Origin spec rules and semantics. | 2009-09-28 23:51
@@ -4655,42 +4655,45 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
       <td> The (empty) <span title="url-fragment">&lt;fragment&gt;</span> component is not part of the <span title="url-query">&lt;query&gt;</span> component.
    </table>
 
   </div>
 
 
   <div class="impl">
 
   <h3>Fetching resources</h3>
 
-  <p>When a user agent is to <dfn>fetch</dfn> a resource, the
-  following steps must be run:</p>
+  <p>When a user agent is to <dfn>fetch</dfn> a resource, optionally
+  from an origin <i title="">origin</i>, the following steps must be
+  run:</p>
 
   <ol>
 
    <li><p>If the resource is identified by the <span>URL</span>
    <dfn><code>about:blank</code></dfn>, then return the empty string
    and abort these steps.</p></li>
 
    <li><p>Perform the remaining steps asynchronously.</p></li>
 
    <li>
 
     <p>If the resource is identified by an <span>absolute URL</span>,
     and the resource is to be obtained using an idempotent action
     (such as an HTTP GET <span title="concept-http-equivalent-get">or
     equivalent</span>), and it is already being downloaded for other
-    reasons (e.g. another invocation of this algorithm), and the user
-    agent is configured such that it is to reuse the data from the
-    existing download instead of initiating a new one, then use the
-    results of the existing download instead of starting a new
-    one.</p>
+    reasons (e.g. another invocation of this algorithm), and this
+    request would be identical to the previous one (e.g. same <code
+    title="http-accept">Accept</code> and <code
+    title="http-origin">Origin</code> headers), and the user agent is
+    configured such that it is to reuse the data from the existing
+    download instead of initiating a new one, then use the results of
+    the existing download instead of starting a new one.</p>
 
     <p>Otherwise, at a time convenient to the user and the user agent,
     download (or otherwise obtain) the resource, applying the
     semantics of the relevant specifications (e.g. performing an HTTP
     GET or POST operation, or reading the file from disk, following
     redirects, <span title="concept-js-deref">dereferencing <span
     title="javascript protocol"><code title="">javascript:</code>
     URLs</span></span>, etc).</p>
 
     <p>For purposes of generating the <i>address of the resource from
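Review bot: The new reuse condition in the third step, "this request would be identical to the previous one (e.g. same Accept and Origin headers)", defines "identical" only by example. This condition is what keeps a download started for one origin from being reused for a fetch made from another, so the request properties that must match (method, headers, entity body, the origin argument) should be listed normatively rather than left to "e.g.".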
@@ -4712,20 +4715,28 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
      <dd>The element's <code>Document</code>.</dd>
 
      <dt>When fetching resources in response to a call to an API</dt>
 
      <dd>The <span>active document</span> of the <span title="script's
      browsing context">browsing context</span> of the <span>first
      script</span>.</dd>
 
     </dl>
 
+    <p>For the purposes of the <code title="http-origin">Origin</code>
+    header, if the <span title="fetch">fetching algorithm</span> was
+    explicitly initiated from an <i title="">origin</i>, then <i
+    title="">the origin that initiated the HTTP request</i> is <i
+    title="">origin</i>. Otherwise, this is <i title="">a request from
+    a "privacy-sensitive" context</i>. <a
+    href="#refsORIGIN">[ORIGIN]</a></p>
+
    </li>
 
    <li>
 
     <p>If there are cookies to be set, then the user agent must run
     the following substeps:</p>
 
     <ol>
 
      <li><p>Wait until ownership of the <span>storage mutex</span> can
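Review bot: The added Origin paragraph tests whether the fetch was "explicitly initiated from an origin", while the algorithm's introduction describes the same input as "optionally from an origin origin"; use one phrasing so it is clear the test is simply whether an origin argument was passed. The fallback to "a request from a "privacy-sensitive" context" also means a call site that forgets to pass an origin is silently classified that way, so it is worth stating here that omitting the origin is a deliberate choice at each caller. The link to #refsORIGIN assumes a matching references entry, which none of the hunks shown here adds.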
@@ -11012,28 +11023,29 @@ gave me some of the songs they wrote. I love sharing my music.&lt;/p>
   title="">rel="stylesheet"</code>, they each count as a separate
   external resource, and each is affected by its own attributes
   independently.</p>
 
   <p>The exact behavior for links to external resources depends on the
   exact relationship, as defined for the relevant link type. Some of
   the attributes control whether or not the external resource is to be
   applied (as defined below). <span class="impl">For external
   resources that are represented in the DOM (for example, style
   sheets), the DOM representation must be made available even if the
-  resource is not applied. To obtain the resource, the user agent must
-  <span title="resolve a url">resolve</span> the <span>URL</span>
-  given by the <code title="attr-link-href">href</code> attribute,
-  relative to the element, and then <span>fetch</span> the resulting
-  <span>absolute URL</span>. User agents may opt to only
-  <span>fetch</span> such resources when they are needed, instead of
-  pro-actively <span title="fetch">fetching</span> all the external
-  resources that are not applied.</span></p>
+  resource is not applied. To <dfn title="concept-link-obtain">obtain
+  the resource</dfn>, the user agent must <span title="resolve a
+  url">resolve</span> the <span>URL</span> given by the <code
+  title="attr-link-href">href</code> attribute, relative to the
+  element, and then <span>fetch</span> the resulting <span>absolute
+  URL</span>. User agents may opt to only <span>fetch</span> such
+  resources when they are needed, instead of pro-actively <span
+  title="fetch">fetching</span> all the external resources that are
+  not applied.</span></p> <!-- http-origin privacy sensitive -->
 
   <div class="impl">
 
   <p>The semantics of the protocol used (e.g. HTTP) must be followed
   when fetching external resources. (For example, redirects must be
   followed and 404 responses must cause the external resource to not
   be applied.)</p>
 
   <!-- similar text in various places -->
   <p>Fetching external resources must <span>delay the load
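Review bot: In the rewritten "obtain the resource" sentence, the only statement of how the Origin header is treated is the trailing comment "http-origin privacy sensitive", which never reaches a reader of the rendered spec. If link fetches are meant to be made without an origin, say so in the sentence itself or in a note, so the behaviour does not rest on the fetch algorithm's default plus a source comment.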
@@ -11154,29 +11166,32 @@ gave me some of the songs they wrote. I love sharing my music.&lt;/p>
   optionally with parameters.</p>
 
   <p>For <span title="external resource link">external resource
   links</span>, the <code title="attr-link-type">type</code> attribute
   is used as a hint to user agents so that they can avoid fetching
   resources they do not support. <span class="impl">If the attribute
   is present, then the user agent must assume that the resource is of
   the given type. If the attribute is omitted, but the external
   resource link type has a default type defined, then the user agent
   must assume that the resource is of that type. If the UA does not
-  support the given <span>MIME type</span> for the given link relationship, then
-  the UA should not fetch the resource; if the UA does support the
-  given <span>MIME type</span> for the given link relationship, then the UA should
-  <span>fetch</span> the resource. If the attribute is omitted, and
-  the external resource link type does not have a default type
-  defined, but the user agent would fetch the resource if the type was
-  known and supported, then the user agent should <span>fetch</span>
-  the resource under the assumption that it will be
-  supported.</span></p>
+  support the given <span>MIME type</span> for the given link
+  relationship, then the UA should not <span
+  title="concept-link-obtain">obtain</span> the resource; if the UA
+  does support the given <span>MIME type</span> for the given link
+  relationship, then the UA should <span
+  title="concept-link-obtain">obtain</span> the resource. If the
+  attribute is omitted, and the external resource link type does not
+  have a default type defined, but the user agent would <span
+  title="concept-link-obtain">obtain</span> the resource if the type
+  was known and supported, then the user agent should <span
+  title="concept-link-obtain">obtain</span> the resource under the
+  assumption that it will be supported.</span></p>
 
   <div class="impl">
 
   <p>User agents must not consider the <code
   title="attr-link-type">type</code> attribute authoritative &mdash;
   upon fetching the resource, user agents must not use the <code
   title="attr-link-type">type</code> attribute to determine its actual
   type. Only the actual type (as defined in the next paragraph) is
   used to determine whether to <em>apply</em> the resource, not the
   aforementioned assumed type.</p>
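Review bot: The type-hint paragraph now says "obtain" throughout, but the unchanged paragraph after it still reads "upon fetching the resource, user agents must not use the type attribute to determine its actual type". If "obtain the resource" is now the defined term for link fetches, that sentence should use it too, or the patch should explain why the two paragraphs differ.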
@@ -12822,21 +12837,23 @@ people expect to have work and what is necessary.
     executed"</span> flag.</p>
 
    </li>
 
    <li>
 
     <p>If the element has a <code title="attr-script-src">src</code>
     attribute, then the value of that attribute must be <span
     title="resolve a url">resolved</span> relative to the element, and
     if that is successful, the specified resource must then be <span
-    title="fetch">fetched</span>.</p>
+    title="fetch">fetched</span>, from the <span>origin</span> of the
+    element's <code>Document</code>.</p> <!-- not http-origin privacy
+    sensitive -->
 
     <p>For historical reasons, if the <span>URL</span> is a <span
     title="javascript protocol"><code title="">javascript:</code>
     URL</span>, then the user agent must not, despite the requirements
     in the definition of the <span title="fetch">fetching</span>
     algorithm, actually execute the given script; instead the user
     agent must act as if it had received an empty HTTP 400
     response.</p>
 
     <p>Once the resource's <span title="Content-Type">Content Type
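Review bot: The marker comment added after the src step is wrapped across two lines ("not http-origin privacy" / "sensitive"), and the same wrapping occurs in most of the other markers in this patch. These comments are the only record of which call sites were classified, so keep each marker on one line with one fixed spelling so a plain text search finds them all; the menu hunk, for instance, writes "privacy-sensitive" with a hyphen.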
@@ -19637,21 +19654,22 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
   <p>Unless the user agent cannot support images, or its support for
   images has been disabled, or the user agent only fetches elements on
   demand, or the element's <code title="attr-img-src">src</code>
   attribute has a value that is an <i>ignored self-reference</i>,
   then, when an <code>img</code> is created with a <code
   title="attr-img-src">src</code> attribute, and whenever the <code
   title="attr-img-src">src</code> attribute is set subsequently, the
   user agent must <span title="resolve a url">resolve</span> the value
   of that attribute, relative to the element, and if that is
   successful must then <span>fetch</span> that resource.</p> <!-- Note
-  how this does NOT happen when the base URL changes. -->
+  how this does NOT happen when the base URL changes. --> <!--
+  http-origin privacy sensitive -->
 
   <p>The <code title="attr-img-src">src</code> attribute's value is an
   <i>ignored self-reference</i> if its value is the empty string, and
   the <i>base URI of the element</i> is the same as <span>the
   document's address</span>.</p>
 
   <!-- same text in <input type=image> section and similar text elsewhere -->
   <p>Fetching the image must <span>delay the load event</span> of the
   element's document until the <span title="concept-task">task</span>
   that is <span title="queue a task">queued</span> by the
@@ -21709,21 +21727,23 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
 
    <dt>If the element has a <code title="attr-embed-src">src</code>
    attribute set</dt>
 
    <dd>
 
     <p>The user agent must <span title="resolve a url">resolve</span>
     the value of the element's <code title="attr-embed-src">src</code>
     attribute, relative to the element. If that is successful, the
     user agent should <span>fetch</span> the resulting <span>absolute
-    URL</span>. The <span title="concept-task">task</span> that is
+    URL</span>, from the element's <span>browsing context scope
+    origin</span> if it has one<!-- potentially http-origin privacy
+    sensitive -->. The <span title="concept-task">task</span> that is
     <span title="queue a task">queued</span> by the <span>networking
     task source</span> once the resource has been <span
     title="fetch">fetched</span> must find and instantiate an
     appropriate <span>plugin</span> based on the <span
     title="concept-embed-type">content's type</span>, and hand that
     <span>plugin</span> the content of the resource, replacing any
     previously instantiated plugin for the element.</p> <!-- Note that
     this doesn't happen when the base URL changes. -->
 
     <p>Fetching the resource must <span>delay the load event</span> of
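Review bot: "from the element's browsing context scope origin if it has one" leaves the other branch unstated: when the embed element has no browsing context scope origin, the reader has to infer from the fetch algorithm that the request becomes one from a "privacy-sensitive" context. State that case here. The marker comment is also inserted between "one" and the full stop, which makes the sentence hard to read in source; placing it after the closing </p>, as other hunks do, would be cleaner.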
@@ -22041,21 +22061,23 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
      content to examine its real type.</p></li>
 
      <li>
 
       <p><span title="resolve a url">Resolve</span> the
       <span>URL</span> specified by the <code
       title="attr-object-data">data</code> attribute, relative to the
       element.</p>
 
       <p>If that is successful, <span>fetch</span> the resulting
-      <span>absolute URL</span>.</p>
+      <span>absolute URL</span>, from the element's <span>browsing
+      context scope origin</span> if it has one<!-- potentially
+      http-origin privacy sensitive -->.</p>
 
       <!-- similar text in various places -->
       <p>Fetching the resource must <span>delay the load event</span>
       of the element's document until the <span
       title="concept-task">task</span> that is <span title="queue a
       task">queued</span> by the <span>networking task source</span>
       once the resource has been <span title="fetch">fetched</span>
       (defined next) has been run.</p>
 
      </li>
@@ -22585,24 +22607,26 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
 
   <p>The <dfn title="attr-video-poster"><code>poster</code></dfn>
   attribute gives the address of an image file that the user agent can
   show while no video data is available. The attribute, if present,
   must contain a <span>valid URL</span>. <span class="impl">If the
   specified resource is to be used, then, when the element is created
   or when the <code title="attr-video-poster">poster</code> attribute
   is set, its value must be <span title="resolve a
   url">resolved</span> relative to the element, and if that is
   successful, the resulting <span>absolute URL</span> must be <span
-  title="fetch">fetched</span>; this must <span>delay the load
-  event</span> of the element's document. The <dfn>poster frame</dfn>
-  is then the image obtained from that resource, if any.</span></p>
-  <!-- thus it is unaffected by changes to the base URL. -->
+  title="fetch">fetched</span>, from the element's
+  <code>Document</code>'s <span>origin</span>; this must <span>delay
+  the load event</span> of the element's document. The <dfn>poster
+  frame</dfn> is then the image obtained from that resource, if
+  any.</span></p> <!-- thus it is unaffected by changes to the base
+  URL. -->
 
   <p class="note">The image given by the <code
   title="attr-video-poster">poster</code> attribute, the <i>poster
   frame</i>, is intended to be a representative frame of the video
   (typically one of the first non-blank frames) that gives the user an
   idea of what the video is like.</p>
 
   <div class="impl">
 
   <p>The <dfn title="dom-video-poster"><code>poster</code></dfn> IDL
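Review bot: The poster fetch is made "from the element's Document's origin", whereas the img and input type=image fetches elsewhere in this patch are marked "http-origin privacy sensitive" and pass no origin. All three load an image for display, so either the difference needs a stated rationale or the poster fetch should match the other two. This is also the only origin-passing call site in the patch without a marker comment.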
@@ -24046,21 +24070,23 @@ interface <dfn>CueRangeCallback</dfn> {
    resource</span>.</p></li>
 
    <li><p>Set the <code
    title="dom-media-currentSrc">currentSrc</code> attribute to the
    <span>absolute URL</span> of the <var title="">current media
    resource</var>.</p></li>
 
    <li>
 
     <p>Begin to <span>fetch</span> the <var title="">current media
-    resource</var>.</p>
+    resource</var>, from the <span>media element</span>'s
+    <code>Document</code>'s <span>origin</span>.</p> <!-- not
+    http-origin privacy sensitive (looking forward to CORS here) -->
 
     <p>Every 350ms (&#xB1;200ms) or for every byte received, whichever
     is <em>least</em> frequent, <span>queue a task</span> to
     <span>fire a progress event</span> called <code
     title="event-media-progress">progress</code> at the element, in the
     context of the <span title="fetch">fetching process</span> started
     by this instance of this algorithm.</p>
 
     <p>If at any point the user agent has received no data for more
     than about three seconds, then <span>queue a task</span> to
@@ -38557,21 +38583,22 @@ interface <dfn>HTMLFormElement</dfn> : <span>HTMLElement</span> {
 
   <div class="impl">
 
   <p>When any of the following events occur, unless the user agent
   cannot support images, or its support for images has been disabled,
   or the user agent only fetches elements on demand, the user agent
   must <span title="resolve a url">resolve</span> the value of the
   <code title="attr-input-src">src</code> attribute, relative to the
   element, and if that is successful, must <span>fetch</span> the
   resulting <span>absolute URL</span>:</p> <!-- Note how this does NOT
-  happen when the base URL changes. -->
+  happen when the base URL changes. --> <!-- http-origin privacy
+  sensitive -->
 
   <ul>
 
    <li>The <code>input</code> element's <code
    title="attr-input-type">type</code> attribute is first set to the
    <span title="attr-input-type-image">Image Button</span> state
    (possibly when the element is first created), and the <code
    title="attr-input-src">src</code> attribute is present.</li>
 
    <li>The <code>input</code> element's <code
@@ -47231,28 +47258,29 @@ interface <dfn>DataGridListener</dfn> {
   node is, as follows:</p>
 
   <dl class="switch">
 
    <dt>An element that <span title="concept-command">defines a command</span></dt>
 
    <dd>Append the command to the menu, respecting its <span
    title="concept-facet">facets</span><!-- we might need to be
    explicit about what this means for each facet, if testing shows
    this isn't well-implemented. e.g.: If there's an Icon facet for the
-   command, it should be <span title="fetch">fetched</span>, and then
-   that image should be associated with the command, such that each
-   command only has its image fetched once, to prevent changes to the
-   base URL from having effects after the image has been fetched
-   once. (no need to resolve the Icon facet, it's an absolute URL)
-   -->. <!--If the element is a <code>command</code> element with a
-   <code title="attr-command-default">default</code> attribute, mark
-   the command as being a default command.--></dd>
+   command, it should be <span title="fetch">fetched</span> (this
+   would be http-origin privacy-sensitive), and then that image should
+   be associated with the command, such that each command only has its
+   image fetched once, to prevent changes to the base URL from having
+   effects after the image has been fetched once. (no need to resolve
+   the Icon facet, it's an absolute URL) -->. <!--If the element is a
+   <code>command</code> element with a <code
+   title="attr-command-default">default</code> attribute, mark the
+   command as being a default command.--></dd>
 
 
    <dt>An <code>hr</code> element</dt>
    <dt>An <code>option</code> element that has a <code
    title="attr-option-value">value</code> attribute set to the empty
    string, and has a <code
    title="attr-option-disabled">disabled</code> attribute, and whose
    <code>textContent</code> consists of a string of one or more
    hyphens (U+002D HYPHEN-MINUS)</dt>
 
@@ -54409,20 +54437,33 @@ document.body.appendChild(outer);</pre>
    <li>The browsing context <var title="">B</var> is not a
    <span>top-level browsing context</span>, but there exists an
    <span>ancestor browsing context</span> of <var title="">B</var>
    whose <span>active document</span> has the <span title="same
    origin">same</span> <span>origin</span> as the <span>active
    document</span> of <var title="">A</var> (possibly in fact being
    <var title="">A</var> itself).</li>
 
   </ul>
 
+  <hr>
+
+  <p>An element has a <dfn>browsing context scope origin</dfn> if its
+  <code>Document</code>'s <span>browsing context</span> is a
+  <span>top-level browsing context</span> or if all of its
+  <code>Document</code>'s <span title="ancestor browsing
+  context">ancestor browsing contexts</span> all have <span
+  title="active document">active documents</span> whose
+  <span>origin</span> are the <span>same origin</span> as the
+  element's <code>Document</code>'s <span>origin</span>. If an element
+  has a <span>browsing context scope origin</span>, then its value is
+  the <span>origin</span> of the element's <code>Document</code>.</p>
+
   </div>
 
 
   <div class="impl">
 
   <h4>Groupings of browsing contexts</h4>
 
   <p>Each <span>browsing context</span> is defined as having a list of
   zero or more <dfn>directly reachable browsing contexts</dfn>. These
   are:</p>
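Review bot: The browsing context scope origin definition does not say when the ancestor comparison is evaluated, yet the fetches that rely on it need a single answer at the time they are invoked; add "at the time the fetch is invoked" or equivalent. There are also two wording slips in "if all of its Document's ancestor browsing contexts all have active documents whose origin are the same origin": drop the second "all" and write "whose origins are".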
@@ -59584,21 +59625,23 @@ NETWORK:
    that is cancelable at the <code>ApplicationCache</code> singleton
    of that <span>cache host</span>. The default action of this event
    should be the display of some sort of user interface indicating to
    the user that the user agent is checking for the availability of
    updates.</p></li>
 
    <li>
 
     <p><i>Fetching the manifest</i>: <span>Fetch</span> the resource
     from <var title="">manifest URL</var>, and let <var
-    title="">manifest</var> be that resource.</p>
+    title="">manifest</var> be that resource.</p> <!-- http-origin
+    privacy sensitive, though it doesn't matter, since this can never
+    be cross-origin -->
 
     <p>If the resource is labeled with the <span>MIME type</span>
     <code>text/cache-manifest</code>, parse <var
     title="">manifest</var> according to the <span title="parse a
     manifest">rules for parsing manifests</span>, obtaining a list of
     <span title="concept-appcache-explicit">explicit entries</span>,
     <span title="concept-appcache-fallback">fallback entries</span>
     and the <span title="concept-appcache-fallback-ns">fallback
     namespaces</span> that map to them, entries for the <span
     title="concept-appcache-onlinewhitelist">online whitelist</span>,
@@ -59843,33 +59886,35 @@ NETWORK:
      set to the number of files in <var title="">file list</var>, and
      the <code title="dom-ProgressEvents-loaded">loaded</code>
      attribute must be set to the number of number of files in <var
      title="">file list</var> that have been downloaded so far. The
      default action of these events should be the display of some sort
      of user interface indicating to the user that a file is being
      downloaded in preparation for updating the application.</p></li>
 
      <li>
 
-      <p><span>Fetch</span> the resource. If this is an <span
-      title="concept-appcache-upgrade">upgrade attempt</span>, then
-      use the <span title="concept-appcache-newer">newest</span>
-      <span>application cache</span> in <var title="">cache
-      group</var> as an HTTP cache, and honor HTTP caching semantics
-      (such as expiration, ETags, and so forth) with respect to that
-      cache. User agents may also have other caches in place that are
-      also honored.</p>
+      <p><span>Fetch</span> the resource, from the <span>origin</span>
+      of the <span>URL</span> <var title="">manifest URL</var>. If
+      this is an <span title="concept-appcache-upgrade">upgrade
+      attempt</span>, then use the <span
+      title="concept-appcache-newer">newest</span> <span>application
+      cache</span> in <var title="">cache group</var> as an HTTP
+      cache, and honor HTTP caching semantics (such as expiration,
+      ETags, and so forth) with respect to that cache. User agents may
+      also have other caches in place that are also honored.</p> <!--
+      not http-origin privacy sensitive -->
 
       <p class="note">If the resource in question is already being
       downloaded for other reasons then the existing download process
-      can be used for the purposes of this step, as defined by the
-      <span title="fetch">fetching</span> algorithm.</p>
+      can sometimes be used for the purposes of this step, as defined
+      by the <span title="fetch">fetching</span> algorithm.</p>
 
       <p class="example">An example of a resource that might already
       be being downloaded is a large image on a Web page that is being
       seen for the first time. The image would get downloaded to
       satisfy the <code>img</code> element on the page, as well as
       being listed in the cache manifest. According to the rules for
       <span title="fetch">fetching</span> that image only need be
       downloaded once, and it can be used both for the cache and for
       the rendered Web page.</p>
 
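Review bot: The unchanged example under the edited note still says the image "only need be downloaded once, and it can be used both for the cache and for the rendered Web page", but after this patch the cache fetch is made "from the origin of the URL manifest URL" while the img fetch passes no origin. Under the new reuse rule (same Accept and Origin headers) those two requests may no longer count as identical, so the example should be revised or removed together with the "can sometimes be used" change.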
@@ -60038,21 +60083,22 @@ NETWORK:
     title="">new cache</var>, if it isn't already there, and
     categorize its entry as a <span
     title="concept-appcache-master">master entry</span>.</p>
 
    </li>
 
    <li>
 
     <p><span>Fetch</span> the resource from <var title="">manifest
     URL</var> again, and let <var title="">second manifest</var> be
-    that resource.</p>
+    that resource.</p> <!-- http-origin privacy sensitive, though it
+    doesn't matter, since this can never be cross-origin -->
 
    </li>
 
    <li>
 
     <p>If the previous step failed for any reason, or if the fetching
     attempt involved a redirect, or if <var title="">second
     manifest</var> and <var title="">manifest</var> are not
     byte-for-byte identical, then schedule a rerun of the entire
     algorithm with the same parameters after a short delay, and run
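Review bot: The comment on the second manifest fetch says the request "can never be cross-origin", yet the very next step handles the case where "the fetching attempt involved a redirect". Reword the comment to give a reason that also holds for redirects (for example, that no origin is passed, so the request is treated as privacy-sensitive regardless), or cite the rule that prevents a cross-origin redirect from being followed.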
@@ -61655,41 +61701,40 @@ NETWORK:
     user agent could decide to show the image from any of those
     caches, but it is likely that the most useful cache for the user
     would be the one that was used for the aforementioned HTML
     page. On the other hand, if the user submits the form, and the
     form does a POST submission, then the user agent will not use an
     application cache at all; the submission will be made to the
     network.</p>
 
     <p>Otherwise, <span>fetch</span> the new resource, if it has not
     already been obtained<!-- it's obtained by <object>, for instance
-    -->. If the resource is being fetched using HTTP, and the method
-    is not GET<!-- or HEAD (but that can't happen) -->, then the user
-    agent must include an <code title="http-origin">Origin</code>
-    header whose value is determined as follows:</p>
-
-    <dl class="switch">
-
-     <dt>If the <span title="navigate">navigation</span> algorithm has
-     so far contacted more than one <span>origin</span></dt>
-     <dt>If there is no <span>source browsing context</span></dt>
-
-     <dd>The value must be the string "<code title="">null</code>".</dd>
-
-     <dt>Otherwise</dt>
-
-     <dd>The value must be the <span title="ASCII serialization of an
-     origin">ASCII serialization</span> of the <span>origin</span> of
-     the <span>active document</span> of the <span>source browsing
-     context</span> at the time the navigation was started.</dd>
-
-    </dl>
+    -->.</p>
+
+    <p>If the resource is being fetched using a method other than one
+    <span title="concept-http-equivalent-get">equivalent to</span>
+    HTTP's GET<!-- or HEAD (but that can't happen) -->, or, if the
+    <span title="navigate">navigation algorithm</span> was invoked as
+    a result of the <span title="concept-form-submit">form submission
+    algorithm</span>, then the <span title="fetch">fetching
+    algorithm</span> must be invoked from the <span>origin</span> of
+    the <span>active document</span> of the <span>source browsing
+    context</span>, if any.</p> <!-- potentially http-origin privacy
+    sensitive -->
+
+    <p>If the <span>browsing context</span> being navigated is a
+    <span>child browsing context</span> for an <code>iframe</code> or
+    <code>object</code> element, then the <span title="fetch">fetching
+    algorithm</span> must be invoked from the <code>iframe</code> or
+    <code>object</code> element's <span>browsing context scope
+    origin</span>, if it has one.</p> <!-- potentially http-origin
+    privacy sensitive -->
 
    </li>
 
    <li>
 
     <p>If fetching the resource is synchronous (i.e. for <span
     title="javascript protocol"><code title="">javascript:</code>
     URLs</span> and <code>about:blank</code>), then this must be
     synchronous, but if fetching the resource depends on external
     resources, as it usually does for URLs that use HTTP or other
@@ -64637,21 +64682,23 @@ interface <dfn>SQLTransactionSync</dfn> {
   HTTP <code title="http-referer">Referer</code> (sic) headers. Based
   on the user's preferences, UAs may either <span>ignore</span> the
   <code title="attr-hyperlink-ping">ping</code> attribute altogether,
   or selectively ignore URLs in the list (e.g. ignoring any
   third-party URLs).</p>
 
   <p>For URLs that are HTTP URLs, the requests must be performed by
   <span title="fetch">fetching</span> the specified URLs using the
   POST method, with an entity body with the <span>MIME type</span>
   <code>text/ping</code> consisting of the four-character string
-  "<code title="">PING</code>". All relevant cookie and HTTP
+  "<code title="">PING</code>", from the <span>origin</span> of the
+  <code>Document</code> containing the <span>hyperlink</span>. <!--
+  not http-origin privacy sensitive --> All relevant cookie and HTTP
   authentication headers must be included in the request. Which other
   headers are required depends on the URLs involved.</p>
 
   <dl class="switch">
 
    <dt>If both the <span title="the document's address">address</span>
    of the <code>Document</code> object containing the hyperlink being
    audited and the ping URL have the <span>same origin</span></dt>
 
    <dd>The request must include a <code
@@ -64683,26 +64730,20 @@ interface <dfn>SQLTransactionSync</dfn> {
 
    <dd>The request must include a <code
    title="http-ping-to">Ping-To</code> HTTP header with, as its value,
    the address of the target of the hyperlink. The request must
    neither include a <code title="">Referer</code> (sic) HTTP header
    nor include a <code title="http-ping-from">Ping-From</code> HTTP
    header.</dd>
 
   </dl>
 
-  <p>In addition, an <code title="http-origin">Origin</code> header
-  must always be included, whose value is the <span title="ASCII
-  serialization of an origin">ASCII serialization</span> of the
-  <span>origin</span> of the <code>Document</code> containing the
-  <span>hyperlink</span>.</p>
-
   <p class="note">To save bandwidth, implementors might also wish to
   consider omitting optional headers such as <code>Accept</code> from
   these requests.</p>
 
   <p>User agents must, unless otherwise specified by the user, honor
   the HTTP headers (including, in particular, redirects and HTTP
   cookie headers), but must ignore any entity bodies returned in the
   responses. User agents may close the connection prematurely once
   they start receiving an entity body. <a
   href="#refsCOOKIES">[COOKIES]</a></p>
@@ -71058,23 +71099,23 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
 
   <p>A worker is said to be a <dfn>suspendable worker</dfn> if it is
   not an <span>active needed worker</span> but it is a
   <span>permissible worker</span>.</p>
 
 
   <h4>Processing model</h4>
 
   <p>When a user agent is to <dfn>run a worker</dfn> for a script with
   <span>URL</span> <var title="">url</var>, a browsing context <var
-  title="">owner browsing context</var>, and with global scope <var
-  title="">worker global scope</var>, it must run the following
-  steps:</p>
+  title="">owner browsing context</var>, an origin <var title="">owner
+  origin</var>, and with global scope <var title="">worker global
+  scope</var>, it must run the following steps:</p>
 
   <ol>
 
    <li>
 
     <p>Create a completely separate and parallel execution environment
     (i.e. a separate thread or process or equivalent construct), and
     run the rest of these steps asynchronously in that context.</p>
 
    </li>
@@ -71087,21 +71128,22 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
    title="">url</var> and that have <var title="">url</var> as one of
    their entries, <em>not</em> excluding entries marked as <span
    title="concept-appcache-foreign">foreign</span>, then associate the
    <var title="">worker global scope</var> with the <span
    title="concept-appcache-selection">most appropriate application
    cache</span> of those that match.</p></li>
 
    <li>
 
     <p>Attempt to <span>fetch</span> the resource identified by <var
-    title="">url</var>.</p>
+    title="">url</var>, from the <var title="">owner origin</var>.</p>
+    <!-- not http-origin privacy sensitive -->
 
     <p>If the attempt fails, or if the attempt involves any redirects
     to URIs that do not have the <span>same origin</span> as <var
     title="">url</var> (even if the final URI is at the <span>same
     origin</span> as the original <var title="">url</var>), then for
     each <code>Worker</code> or <code>SharedWorker</code> object
     associated with <var title="">worker global scope</var>,
     <span>queue a task</span> to <span>fire a simple event</span>
     called <code title="event-error">error</code> at that
     object. Abort these steps.</p>
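Review bot: the redirect check in the paragraph right after the changed step still compares redirect targets against the origin of url, while the fetch itself is now made "from the owner origin". The constructor hunks require url to be same-origin with the first script and pass that origin as owner origin, so the two should coincide, but nothing here says so; consider stating it or phrasing the redirect check in terms of owner origin. The <!-- not http-origin privacy sensitive --> marker is also only an HTML comment, so what it implies for the Origin header is invisible in the rendered text.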
@@ -71526,23 +71568,22 @@ interface <dfn>Worker</dfn> : <span>AbstractWorker</span> {
    script</span>'s <span title="script's base URL">base URL</span>,
    when the method is invoked.</p></li>
 
    <li><p>If this fails, throw a <code>SYNTAX_ERR</code>
    exception.</p></li>
 
    <li>
 
     <p>If the <span>origin</span> of the resulting <span>absolute
     URL</span> is not the <span title="same origin">same</span> as the
-    origin of the <span title="concept-script">script</span> that
-    invoked the constructor, then throw a <span>security
-    exception</span>.</p>
+    origin of the <span>first script</span>, then throw a
+    <span>security exception</span>.</p>
 
     <p class="note">Thus, scripts must be external files with the same
     scheme as the original page: you can't load a script from a <code
     title="">data:</code> URL or <code title="">javascript:</code>
     URL, and a <code>https:</code> page couldn't start workers using
     scripts with <code>http:</code> URLs.</p>
 
    </li>
 
    <li><p><span>Create a new <code>DedicatedWorkerGlobalScope</code>
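Review bot: the same-origin check is now keyed to "first script" instead of "the script that invoked the constructor", but the term is not defined in these lines and the note directly below still describes the restriction in terms of "the original page". Please confirm that the <span>first script</span> cross-reference resolves to a definition, and adjust the note so it is clear whose origin governs when the invoking script and the first script differ.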
@@ -71612,22 +71653,23 @@ interface <dfn>Worker</dfn> : <span>AbstractWorker</span> {
     title="concept-script">script</span> that invoked the
     constructor.</p>
 
    </li>
 
    <li>
 
     <p><span>Run a worker</span> for the resulting <span>absolute
     URL</span>, with the <span>script browsing context</span> of the
     script that invoked the method as the <var title="">owner browsing
-    context</var>, and with <var title="">worker global scope</var> as
-    the global scope.</p>
+    context</var>, with the <span>origin</span> of the <span>first
+    script</span> as the <var title="">owner origin</var>, and with
+    <var title="">worker global scope</var> as the global scope.</p>
 
    </li>
 
   </ol>
 
   <p>This constructor must be visible when the <span>script's global
   scope</span> is either a <code>Window</code> object or an object
   implementing the <code>WorkerUtils</code> interface.</p>
 
 
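Review bot: this step takes the owner browsing context from "the script that invoked the method" but the owner origin from the first script, so the two arguments to "run a worker" can now come from different scripts. If that split is intended, a short note explaining it would help reviewers of the security model. The step also says "invoked the method" while the context line just above says "invoked the constructor"; one wording should be used throughout.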
@@ -71660,21 +71702,21 @@ interface <dfn>SharedWorker</dfn> : <span>AbstractWorker</span> {
    resulting <span>absolute URL</span>.</p></li>
 
    <li><p>Let <var title="">name</var> be the value of the second
    argument, or the empty string if the second argument was
    omitted.</p></li>
 
    <li>
 
     <p>If the <span>origin</span> of <var title="">scriptURL</var> is
     not the <span title="same origin">same</span> as the origin of the
-    script that invoked the constructor, then throw a <span>security
+    <span>first script</span>, then throw a <span>security
     exception</span>.</p>
 
     <p class="note">Thus, scripts must be external files with the same
     scheme as the original page: you can't load a script from a <code
     title="">data:</code> URL or <code title="">javascript:</code>
     URL, and a <code>https:</code> page couldn't start workers using
     scripts with <code>http:</code> URLs.</p>
 
    </li>
 
@@ -71856,22 +71898,23 @@ interface <dfn>SharedWorker</dfn> : <span>AbstractWorker</span> {
     scope</span> of the <span title="concept-script">script</span>
     that invoked the constructor.</p>
 
    </li>
 
    <li>
 
     <p><span>Run a worker</span> for <var title="">scriptURL</var>,
     with the <span>script browsing context</span> of the script that
     invoked the method as the <var title="">owner browsing
-    context</var>, and with <var title="">worker global scope</var> as
-    the global scope.</p>
+    context</var>, with the <span>origin</span> of the <span>first
+    script</span> as the <var title="">owner origin</var>, and with
+    <var title="">worker global scope</var> as the global scope.</p>
 
    </li>
 
   </ol>
 
   <p>This constructor must be visible when the <span>script's global
   scope</span> is either a <code>Window</code> object or an object
   implementing the <code>WorkerUtils</code> interface.</p>
 
   <p>The <span>task source</span> for the tasks mentioned above is the
@@ -71916,21 +71959,23 @@ interface <dfn>WorkerUtils</dfn> {
    <li><p>If any of the resulting <span title="absolute URL">absolute
    URLs</span> have an <span>origin</span> that is not the <span
    title="same origin">same</span> as the origin of the script that
    invoked the method, then throw a <span>security
    exception</span>.</p></li>
 -->
 
    <li>
 
     <p>Attempt to <span>fetch</span> each resource identified by the
-    resulting <span title="absolute URLs">absolute URL</span>.</p>
+    resulting <span title="absolute URLs">absolute URL</span>, from
+    the <span>first script</span>'s <span>origin</span>.</p> <!-- not
+    http-origin privacy sensitive -->
 
    </li>
 
    <li>
 
     <p>For each argument in turn, in the order given, starting with
     the first one, run these substeps:</p>
 
     <ol>
 
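Review bot: importScripts() now fetches "from the first script's origin", whereas the worker's own script is fetched "from the owner origin" in the run-a-worker hunk. The visible lines do not say whether these are always the same origin inside a worker; if they are, using one term in both places would avoid doubt. The same-origin check just above this step remains commented out, so this fetch can go cross-origin, which makes the choice of origin here worth spelling out in the normative text rather than in the trailing <!-- not http-origin privacy sensitive --> comment.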
@@ -72298,21 +72343,23 @@ interface <dfn>EventSource</dfn> {
 
    <li><p>If the previous step failed, then throw a
    <code>SYNTAX_ERR</code> exception.</p></li>
 
    <li><p>Return a new <code>EventSource</code> object, and continue
    these steps in the background (without blocking scripts).</p></li>
 
    <li>
 
     <p><span>Fetch</span> the resource identified by the resulting
-    <span>absolute URL</span>, and process it as described below.</p>
+    <span>absolute URL</span>, from the <span>first script</span>'s
+    <span>origin</span>, and process it as described below.</p> <!--
+    not http-origin privacy sensitive -->
 
     <p class="note">The definition of the <span
     title="fetch">fetching</span> algorithm is such that if the
     browser is already fetching the resource identified by the given
     <span>absolute URL</span>, that connection can be reused, instead
     of a new connection being established. All messages received up to
     this point are dispatched immediately, in this case.</p>
 
    </li>
 
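Review bot: the note following the changed step still says an existing connection can be reused whenever the browser is already fetching the same absolute URL. Now that the fetch is made from a specific origin, the note should say that reuse also depends on the requests matching in origin; otherwise it reads as if event streams could be shared between EventSource objects created from different origins.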
@@ -72475,20 +72522,24 @@ interface <dfn>EventSource</dfn> {
   source. (It doesn't affect other <code>EventSource</code> objects
   with the same URL unless they also receive 301 responses, and it
   doesn't affect future sessions, e.g. if the page is reloaded.)</p>
 
   <p>HTTP 302 Found, 303 See Other, and 307 Temporary Redirect
   responses must cause the user agent to connect to the new
   server-specified URL, but if the user agent needs to again request
   the resource at a later point, it must return to the previously
   specified URL for this event source.</p>
 
+  <p class="note">The Origin specification also introduces some
+  relevant requirements when dealing with redirects. <a
+  href="#refsORIGIN">[ORIGIN]</a></p>
+
   <p>HTTP 305 Use Proxy, HTTP 401 Unauthorized, and 407 Proxy
   Authentication Required should be treated transparently as for any
   other subresource.</p>
 
   <p>Any other HTTP response code not listed here or network error
   (e.g. DNS errors) must cause the user agent to <span>fail the
   connection</span>.</p> <!-- including: HTTP 300 Multiple Choices,
   HTTP 304 Not Modified, HTTP 400 Bad Request, 403 Forbidden, 404 Not
   Found, 405 Method Not Allowed, 406 Not Acceptable, 408 Request
   Timeout, 409 Conflict, 410 Gone, 411 Length Required, 412
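Review bot: the added note says the Origin specification "introduces some relevant requirements" for redirects without naming any of them. Since redirect handling is the security-sensitive part of this section, please either summarise the requirement that applies (for example what happens to the origin after a cross-origin redirect) or link to the specific section of [ORIGIN], and consider placing the note so it clearly covers the 301 case described earlier as well as 302, 303 and 307.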
@@ -72511,23 +72562,26 @@ interface <dfn>EventSource</dfn> {
   <code>EventSource</code> object.</p>
 
   <p>When a user agent is to <dfn>reset the connection</dfn>, the user
   agent must set the <code
   title="dom-EventSource-readyState">readyState</code> attribute to
   <code title="dom-EventSource-CONNECTING">CONNECTING</code>,
   <span>queue a task</span> to <span>fire a simple event</span> called
   <code title="event-error">error</code> at the
   <code>EventSource</code> object, and then <span>fetch</span> the
   event source resource again after a delay equal to the reconnection
-  time of the event source. <strong>Only if the user agent <span
-  title="reset the connection">resets the connection</span> does the
-  connection get opened anew!</strong></p>
+  time of the event source, from the same <span>origin</span> as the
+  original request triggered by the <code
+  title="dom-EventSource">EventSource()</code>
+  constructor. <strong>Only if the user agent <span title="reset the
+  connection">resets the connection</span> does the connection get
+  opened anew!</strong></p>
 
   <p>When a user agent is to <dfn>fail the connection</dfn>, the user
   agent must set the <code
   title="dom-EventSource-readyState">readyState</code> attribute to
   <code title="dom-EventSource-CLOSED">CLOSED</code> and <span>queue a
   task</span> to <span>fire a simple event</span> called <code
   title="event-error">error</code> at the <code>EventSource</code>
   object. <strong>Once the user agent has <span title="fail the
   connection">failed the connection</span>, it does <em>not</em>
   attempt to reconnect!</strong></p>
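Review bot: "from the same origin as the original request" is easy to misread, because "same origin" is a defined comparison elsewhere in the spec while here it means "reuse the origin value passed to the first fetch". Suggest wording such as "using the origin that was used for the original request triggered by the EventSource() constructor", and stating whether that is still the first script's origin after any redirects have been followed.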
@@ -74159,20 +74213,24 @@ Proxy-authorization: Basic ZWRuYW1vZGU6bm9jYXBlcyE=</pre>
 
 
      <dt>Any other name</dt>
 
      <dd>Ignore it.</dd>
 
     </dl>
 
     <hr>
 <!--
+redirect support
+we should probably reintroduce this at some point, with the
+multi-origin semantics described in [ORIGIN] applying. (http-origin)
+
     <p>If <var title="">mode</var> is <i title="">redirect</i>, then:
     If there is not exactly one entry in the <var
     title="">headers</var> list whose name is "<code
     title="">location</code>", then <span>fail the Web Socket
     connection</span> and abort these steps. Otherwise, handle each
     entry in the <var title="">headers</var> list as follows:</p>
 
     <dl class="switch">
 
      <dt>If the entry's name is "<code
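Review bot: the added lines record an open design question (reintroducing Web Socket redirects with multi-origin semantics) only as free text inside an HTML comment. Elsewhere in this patch unfinished areas are flagged with class="XXX" in the visible text; using the same marker, or a bug reference, would keep this from being lost. The first added line, "redirect support", also reads as a heading with no punctuation separating it from the sentence that follows.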
@@ -87821,22 +87879,24 @@ time:empty { binding: <i title="">time</i>; }</pre>
 
   <p id="sandboxPluginApplet">When the <span>sandboxed plugins
   browsing context flag</span> is set on the <span>browsing
   context</span> for which the <code>applet</code> element's document
   is the <span>active document</span>, and when the element has an
   ancestor <span>media element</span>, and when the element has an
   ancestor <code>object</code> element that is <em>not</em> showing
   its <span>fallback content</span>, the element must be ignored (it
   represents nothing).</p>
 
-  <p>Otherwise, <span class="XXX">define how the element works,
-  if supported</span>.</p> <!-- remember to delay the laod event -->
+  <p>Otherwise, <span class="XXX">define how the element works, if
+  supported</span>.</p> <!-- remember to delay the load event --> <!--
+  remember to include ", from the element's <span>browsing context
+  scope origin</span> if it has one" when fetching -->
 
   <p>The <code>applet</code> element must implement the
   <code>HTMLAppletElement</code> interface.</p>
 
   <pre class="idl">interface <dfn>HTMLAppletElement</dfn> : <span>HTMLElement</span> {
            attribute DOMString <span title="dom-applet-align">align</span>;
            attribute DOMString <span title="dom-applet-alt">alt</span>;
            attribute DOMString <span title="dom-applet-archive">archive</span>;
            attribute DOMString <span title="dom-applet-code">code</span>;
            attribute DOMString <span title="dom-applet-codeBase">codeBase</span>;
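Review bot: the fetch-origin requirement for applet is added only as a "remember to include" HTML comment, so the rendered spec still says nothing about which origin applet fetches use. Since the paragraph is already marked class="XXX", consider moving the reminder into that visible span. The comment also embeds <span>browsing context scope origin</span> markup, which will not be cross-reference checked inside a comment.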
@@ -88587,21 +88647,22 @@ interface <span>HTMLHeadElement</span> {
 
    <li><p><span title="split a string on spaces">Split on
    spaces</span> the value of the <code
    title="attr-head-profile">profile</code> attribute.</p></li>
 
    <li><p><span title="resolve a url">Resolve</span> each resulting
    token relative to the <code>head</code> element.</p></li>
 
    <li><p>For each token that is successfully resolved,
    <span>fetch</span> the resulting <span>absolute URL</span> and
-   apply the appropriate processing.</p></li>
+   apply the appropriate processing.</p></li> <!-- http-origin privacy
+   sensitive -->
 
   </ol>
 
   <p>The <dfn title="dom-head-profile"><code>profile</code></dfn> IDL
   attribute of the <code>head</code> element must <span>reflect</span>
   the content attribute of the same name, as if the attribute's value
   was just a string. (In other words, the value is not <span
   title="resolve a url">resolved</span> in any way on getting.)</p>
 
   <hr>
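Review bot: this is the one fetch in the patch tagged "http-origin privacy sensitive", yet the step text is unchanged and names no origin, so the difference from the "not ... privacy sensitive" fetches exists only in an HTML comment. Please state in the normative text what the fetch does about the origin in this case. The comment is also placed after </li>, directly inside the <ol>, and would sit more safely inside the list item.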
@@ -90075,20 +90136,26 @@ interface <span>HTMLDocument</span> {
    <dd>(Non-normative) <cite><a
    href="https://developer.mozilla.org/en/Gecko_Plugin_API_Reference">Gecko
    Plugin API Reference</a></cite>. Mozilla, November 2008.</dd>
 
    <dt id="refsOPENSEARCH">[OPENSEARCH]</dt>
    <dd><cite><a
    href="http://www.opensearch.org/Specifications/OpenSearch/1.1#Autodiscovery_in_HTML.2FXHTML">Autodiscovery
    in HTML/XHTML</a></cite>. In <cite>OpenSearch 1.1 Draft 4</cite>,
    Section 4.6.2. OpenSearch.org.</dd>
 
+   <dt id="refsORIGIN">[ORIGIN]</dt>
+   <dd><cite><a
+   href="http://tools.ietf.org/html/draft-abarth-origin">The HTTP
+   Origin Header</a></cite>, A. Barth, C. Jackson, I. Hickson. IETF,
+   September 2009.</dd>
+
    <dt id="refsPINGBACK">[PINGBACK]</dt>
    <dd><cite><a
    href="http://www.hixie.ch/specs/pingback/pingback">Pingback
    1.0</a></cite>, S. Langridge, I. Hickson. January 2007.</dd>
 
    <dt id="refsPNG">[PNG]</dt>
    <dd><cite><a href="http://www.w3.org/TR/PNG/">Portable Network
    Graphics (PNG) Specification</a></cite>, D. Duce. W3C, November
    2003.</dd>
 
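Review bot: the new [ORIGIN] entry links to the unversioned draft name (draft-abarth-origin) while dating it September 2009. The commit message says it synchronises with "the latest Origin spec rules", so pinning the draft revision in the reference would make it possible to tell later which rules these changes were written against.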
