diff --git a/spec/index.bs b/spec/index.bs index d879a54f..6bebe72f 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -511,7 +511,7 @@ When asked to attempt to disconnect given an {{IdentityCredentialDisc |provider| and |globalObject|. 1. If |config| is failure, [=reject=] |promise| with a "{{NetworkError}}" {{DOMException}}. 1. Let |disconnectUrl| be the result of [=computing the manifest URL=] given |provider|, - |config|.{{IdentityProviderAPIConfig/disconnect_endpoint}}, and |globalObject|. + |config|.{{IdentityProviderAPIConfig/disconnect_endpoint}}, true, and |globalObject|. 1. If |disconnectUrl| is failure, [=reject=] |promise| with a "{{NetworkError}}" {{DOMException}}. 1. [=Send a disconnect request=] with |disconnectUrl|, |options|, and |globalObject|, and let @@ -1469,8 +1469,8 @@ To fetch request given a [=/request=] |request|, |globalObject|, and
When computing the manifest URL given an {{IdentityProviderConfig}} |provider|, a -[=string=] |manifestString|, and |globalObject|, perform the following steps. This returns a -URL or failure. +[=string=] |manifestString|, a boolean |requireSameOrigin|, and |globalObject|, perform the following +steps. This returns a URL or failure. 1. Let |configUrl| be the result of running [=parse url=] with |provider|'s {{IdentityProviderConfig/configURL}} and |globalObject|. 1. Let |manifestUrl| be the result of running [=parse url=] given |manifestString| (the relative @@ -1481,7 +1481,10 @@ When computing the manifest URL given an {{IdentityProviderConfig}} | allowed. 1. If |manifestUrl| is failure, return failure. - 1. If |manifestUrl| is not [=same origin=] with |configUrl|, return failure. + 1. If |requireSameOrigin| and |manifestUrl| is not [=same origin=] with |configUrl|, return + failure. + 1. If |requireSameOrigin| is false and |manifestUrl|'s [=url/host=]'s [=host/registrable domain=] + is not equal to |configUrl|'s, return failure. 1. If |manifestUrl| is not a [=potentially trustworthy URL=], return failure. 1. Return |manifestUrl|.
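Review bot: In the disconnect steps (hunk at -511), the new argument is passed as a bare positional `true` between the endpoint string and |globalObject|, so the call site does not say what is being required. This is also the only caller updated in the visible diff. Every other invocation of [=computing the manifest URL=] now needs the extra argument, and nothing shown passes false, so the relaxed branch has no visible user. Suggest either updating the remaining callers in this same change or stating in the description which endpoints are meant to pass false.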
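Review bot: In the algorithm preamble (hunk at -1469), |requireSameOrigin| is added to the signature with no description of what a false value permits. Add a sentence after "This returns a URL or failure." saying that false relaxes the check from [=same origin=] with |configUrl| to a matching registrable domain, and note which endpoints may rely on that, since this is the trust boundary between the config file and the URLs it names.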
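Review bot: In the new false branch (hunk at -1481), the comparison "|manifestUrl|'s [=url/host=]'s [=host/registrable domain=] is not equal to |configUrl|'s" does not handle a null registrable domain. Hosts that are IP addresses or are themselves public suffixes have a null registrable domain, so two unrelated such hosts compare equal and pass this step. Suggest returning failure when either registrable domain is null, or reusing HTML's same site comparison, which already covers the null case and the scheme. The trailing "|configUrl|'s" is also elliptical; spell it out as "|configUrl|'s [=url/host=]'s [=host/registrable domain=]". The two steps would read more clearly as a single "If |requireSameOrigin| is true ... Otherwise ..." pair.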