use 'current settings object's origin' (et al) rather than 'origin of…

… the caller'. Fixes #171. Fixes #172.
w3c · Sep 16, 2016 · f81c867 · f81c867
1 parent 8afcbc2
commit f81c867
Showing 1 changed file with 20 additions and 9 deletions.
diff --git a/index.bs b/index.bs
@@ -38,15 +38,16 @@ Markup Shorthands: css off, markdown on
 <pre class="anchors">
 
 <!-- spec: HTML; urlPrefix: https://html.spec.whatwg.org/multipage/ -->
-spec: HTML51; urlPrefix: http://www.w3.org/TR/html51/
+spec: HTML51; urlPrefix: http://www.w3.org/TR/html51/; for: web
     type: dfn
-        urlPrefix: browsers.html; for: web
-            text: origin
+        urlPrefix: browsers.html
+            text: origin; url: concept-cross-origin
             text: opaque origin
             text: tuple origin
-            text: current settings object
+            text: relaxing the same-origin restriction
     type: dfn
         urlPrefix: webappapis.html; for: interface
+            text: current settings object; url:current-settings-object
             text: Navigator
 
 </pre>
@@ -149,7 +150,9 @@ This specification relies on several other underlying specifications.
 <!-- , <a>opaque origin</a>, -->
 
 : HTML
-:: The concepts of <a for='web'>origin</a> and the <a>Navigator</a> interface are defined in [[!HTML51]].
+:: The concepts of <a link-for='web'>current settings object</a>, |given value|, <a link-for='web'>opaque origin</a>, 
+    <a for='web'>origin</a>, the <a>Navigator</a> interface, and the 
+    <a link-for='web'>relaxing the same-origin restriction</a> "setting" algorithm are defined in [[!HTML51]].
 
 : Web IDL
 :: Many of the interface definitions and all of the IDL in this specification depend on [[!WebIDL-1]]. This updated version of
@@ -363,8 +366,12 @@ When this method is invoked, the user agent MUST execute the following algorithm
 2. Let |promise| be a new <a data-lt="Promises">Promise</a>. Return |promise| and start a timer for |adjustedTimeout| seconds.
     Then asynchronously continue executing the following steps.
 
-3. Set |callerOrigin| to the <a link-for='web'>current settings object's</a> <a link-for='web'>origin</a>. If |callerOrigin|
-    is an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and terminate this algorithm. Otherwise, derive the RP ID from |callerOrigin| by computing the
+3. Set |callerOrigin| to the <a link-for='web'>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin| is
+    an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and
+    terminate this algorithm. 
+    Otherwise, apply the <a link-for='web'>relaxing the same-origin restriction</a> "setting" algorithm using |callerOrigin| as
+    the |given value|. 
+    If no errors are thrown, then derive the RP ID from |callerOrigin| by computing the
     "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "<a>eTLD+1</a>")
     part of |callerOrigin| [[PSL]]. Let |rpId| be the lowercase form of this RP ID. Set |rpIdHash| to the SHA-256 hash of the
     UTF-8 encoding of |rpId|.
@@ -440,8 +447,12 @@ When this method is invoked, the user agent MUST execute the following algorithm
 2. Let |promise| be a new <a data-lt="Promises">Promise</a>. Return |promise| and start a timer for |adjustedTimeout| seconds.
     Then asynchronously continue executing the following steps.
 
-3. Set |callerOrigin| to the <a link-for='web'>current settings object's</a> <a link-for='web'>origin</a>. If |callerOrigin|
-    is an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and terminate this algorithm. Otherwise, derive the RP ID from |callerOrigin| by computing the
+3. Set |callerOrigin| to the <a link-for='web'>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin|
+    is an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and
+    terminate this algorithm.
+    Otherwise, apply the <a link-for='web'>relaxing the same-origin restriction</a> "setting" algorithm using |callerOrigin| as
+    the |given value|. 
+    If no errors are thrown, then derive the RP ID from |callerOrigin| by computing the
     "public suffix + 1" or "PS+1" (which is also referred to as the "Effective Top-Level Domain plus One" or "<a>eTLD+1</a>")
     part of |callerOrigin| [[PSL]]. Let |rpId| be the lowercase form of this RP ID. Set |rpIdHash| to the SHA-256 hash of the
     UTF-8 encoding of |rpId|.