diff --git a/fetch.bs b/fetch.bs index 7afac06c9..13c0ee720 100644 --- a/fetch.bs +++ b/fetch.bs @@ -249,18 +249,6 @@ preferred. Unlike ASCII whitespace this excludes U+000C FF.
An HTTP whitespace byte is an HTTP newline byte or HTTP tab or space byte. -
An HTTPS state value is "none
",
-"deprecated
", or "modern
".
-
-
A response delivered over HTTPS will
-typically have its HTTPS state set to
-"modern
". A user agent can use "deprecated
" in a transition
-period. E.g., while removing support for a hash function, weak cipher suites, certificates for an
-"Internal Name", or certificates with an overly long validity period. How exactly a user agent can
-use "deprecated
" is not defined by this specification. An
-environment settings object typically derives its
-HTTPS state from a response.
-
To collect an HTTP quoted string from a string input, given a position variable position @@ -1840,11 +1828,6 @@ message as HTTP/2 does not support them. -
A response has an associated
-HTTPS state (an
-HTTPS state value). Unless stated otherwise, it is
-"none
".
-
A response has an associated CSP list, which is a list of Content Security Policy objects @@ -3299,7 +3282,8 @@ these steps: URL's origin
origin's scheme is "https
" or
- response's HTTPS state is "none
"
+ response's URL's scheme is not
+ "https
"
then return allowed. @@ -3646,8 +3630,7 @@ optionally with a recursive flag, run these steps:
Return a new response whose status is - noCorsResponse's status, HTTPS state is - noCorsResponse's HTTPS state, and CSP list + noCorsResponse's status, and CSP list is noCorsResponse's CSP list.
This is only an effective defense against side channel attacks if
@@ -3873,10 +3856,7 @@ optionally with a recursive flag, run these steps:
response whose status message is `OK
`,
header list consist of a single header whose
name is `Content-Type
` and value is
- `text/html;charset=utf-8
`, body is the empty byte sequence, and
- HTTPS state is request's client's
- HTTPS state if request's
- client is non-null.
+ `text/html;charset=utf-8
`, and body is the empty byte sequence.
Otherwise, return a network error. @@ -3916,11 +3896,6 @@ optionally with a recursive flag, run these steps: response's header list. -
Set response's - HTTPS state to request's - client's HTTPS state - if request's client is non-null. -
Set response's body to
the result of performing the read operation on
blob.
@@ -3954,11 +3929,8 @@ optionally with a recursive flag, run these steps:
`OK
`, header list consist of a single header whose
name is `Content-Type
` and value is
dataURLStruct's MIME type,
- serialized, body is
- dataURLStruct's body, and
- HTTPS state is request's client's
- HTTPS state if request's
- client is non-null.
+ serialized, and body is
+ dataURLStruct's body.
file
"
@@ -3985,8 +3957,7 @@ optionally with a recursive flag, run these steps:
Return a response whose status message is
`OK
`, header list consists of a single header
whose name is `Content-Type
` and whose value is
- mime, body is body, and
- HTTPS state is "none
".
+ mime, and body is body.
When in doubt, return a network error. @@ -4867,18 +4838,6 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b
Otherwise, return a network error. -
If response was retrieved over HTTPS, set its
- HTTPS state to either
- "deprecated
" or "modern
".
- [[!TLS]]
-
-
The exact determination here is up to user agents for the
- time being. User agents are strongly encouraged to only succeed HTTPS connections with
- strong security properties and return
- network errors otherwise. Using the
- "deprecated
" state value ought to be a temporary and last resort kind
- of option.
-
Transmit body for request. @@ -6679,10 +6638,6 @@ constructor steps are:
Set this's MIME type to the result of extracting a MIME type from this's response's header list. - -
Set this's response's HTTPS state to - this's relevant settings object's - HTTPS state.
The static error()
method steps are: