Add "serialize a request URL for reporting"

yutakahirano · web-flow · commit 17723c60d9a7 · 2020-06-02T10:29:04.000+02:00
This is useful for Cross-Origin-Embedder-Policy.
diff --git a/fetch.bs b/fetch.bs
@@ -1747,6 +1747,28 @@ is to return the result of <a>serializing a request origin</a> with <var>request
 <p class=note>Features that combine multiple responses into one logical resource are historically a
 source of security bugs. Please seek security review for features that deal with partial responses.
 
+<hr>
+
+<p>To <dfn export>serialize a request URL for reporting</dfn>, given a <a for=/>request</a>
+<var>request</var>, run these steps:
+
+<ol>
+ <li>
+  <p>Let <var>url</var> be a copy of <var>request</var>'s <a for=request>URL</a>.
+
+  <p class="note">This is not <var>request</var>'s <a for=request>current URL</a> in order to avoid
+  leaking information about redirect targets (see
+  <a href="https://w3c.github.io/webappsec-csp/#security-violation-reports">similar considerations for CSP reporting</a>
+  too). [[CSP]]
+
+ <li><p><a>Set the username</a> given <var>url</var> and the empty string.
+
+ <li><p><a>Set the password</a> given <var>url</var> and the empty string.
+
+ <li><p>Return the <a lt="url serializer">serialization</a> of <var>url</var> with the
+ <i>exclude fragment flag</i> set.
+</ol>
+
 
 <h4 id=responses>Responses</h4>
 
