fix

yutakahirano · yutakahirano · commit 158c73dbb63e · 2020-05-21T20:26:12.000+09:00
diff --git a/source b/source
@@ -3151,6 +3151,18 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
    </dd>
 
 
+   <dt>Reporting</dt>
+
+   <dd>
+    <p>The following terms are defined in <cite>Reporting</cite>: <ref
+    spec=REPORTING></p>
+
+    <ul class="brief">
+     <li><dfn data-x-href="https://w3c.github.io/reporting/#queue-report">Queue a report</dfn></li>
+    </ul>
+   </dd>
+
+
    <dt>XMLHttpRequest</dt>
 
    <dd>
@@ -6516,15 +6528,15 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
    values: "<code data-x="">unsafe-none</code>", "<code data-x="">require-corp</code>",
    initially "<code data-x="">unsafe-none</code>".</p></li>
 
-   <li><p>A string or null(<dfn data-x="embedder-policy-reporting-endpoint">reporting
-   endpoint</dfn>), initially null.</p></li>
+   <li><p>A string(<dfn data-x="embedder-policy-reporting-endpoint">reporting
+   endpoint</dfn>), initially the empty string.</p></li>
 
    <li><p>A string(<dfn data-x="embedder-policy-report-only-value">report only value</dfn>) with one
    of the following values: "<code data-x="">unsafe-none</code>",
    "<code data-x="">require-corp</code>", initially "<code data-x="">unsafe-none</code>".</p></li>
 
-   <li><p>A string or null(<dfn data-x="embedder-policy-report-only-reporting-endpoint">report only
-   reporting endpoint</dfn>), initially null.</p></li>
+   <li><p>A string(<dfn data-x="embedder-policy-report-only-reporting-endpoint">report only
+   reporting endpoint</dfn>), initially the empty string.</p></li>
   </ul>
 
   <p>To <dfn>obtain an embedder policy</dfn> from a
@@ -97964,6 +97976,92 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
 
   <h4 id="worker-processing-model"><span id="processing-model-10"></span>Processing model</h4>
 
+  <p>To <dfn>queue a Cross-Origin Embedder Policy violation on worker initialization</dfn> given a
+  <span data-x="concept-request">request</span>(<var>request</var>), a string(<var>endpoint</var>)
+  and an <span>environment settings object</span>(settings), run the following steps.</p>
+
+  <ol>
+   <li>
+    <p>Let <var>blocked url</var> be <var>request</var>'s
+    <span data-x="concept-request-url">URL</span>.</p>
+
+    <p class="note">This is not <var>request</var>'s
+    <span data-x="concept-request-current-url">current URL</span> in order to avoid leaking
+    information about redirect targets (see
+    <a href="https://w3c.github.io/webappsec-csp/#security-violation-reports">here</a> too).</p>
+   </li>
+
+   <li><p>Set <var>blocked url</var>'s <span data-x="concept-url-username">username</span>
+   to the empty string, and its <span data-x="concept-url-password">password</span> to
+   <code data-x="">null</code>.</p></li>
+
+   <li><p>Let <var>serialized blocked url</var> be <var>blocked url</var>
+   <span data-x="concept-url-serializer">serialized</span>with the <code data-x="">exclude fragment
+   flag</code> set.</p></li>
+
+   <li>
+    <p>Let <var>body</var> be a new object containing the following properties with keys:</p>
+
+    <table class="data">
+     <thead>
+      <tr>
+       <th>key</th>
+       <th>value</th>
+      </tr>
+     </thead>
+     <tbody>
+      <tr>
+      <td>type</td>
+       <td>"<code data-x="">worker initialization</code>"</td>
+      </tr>
+      <tr>
+       <td>blocked-url</td>
+       <td><var>serialized blocked url</var></td>
+      </tr>
+     </tbody>
+    </table>
+   </li>
+
+   <li><p><span data-x="queue a report">Queue</span> <var>body</var> as
+   "<code data-x="">coep</code>" for <var>endpoint</var> on <var>settings</var>.
+  </ol>
+
+  <p>To <dfn>check a global object's embedder policy</dfn> given a
+  <code>WorkerGlobalScope</code>(<var>worker global scope</var>), an <span>environment settings
+  object</span>(owner) and a <span data-x="concept-request">request</span>, run the following
+  steps.</p>
+
+  <ol>
+   <li><p>If <var>worker global scope</var> is not a <code>DedicatedWorkerGlobalScope</code> object,
+   then return "<code data-x="">allowed</code>".</p></li>
+
+   <li><p>Let <var>policy</var> be <var>worker global scope</var>'s
+   <span data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span>.
+
+   <li><p>Let <var>owner policy</var> be <var>owner</var>'s
+   <span data-x="concept-settings-object-embedder-policy">embedder policy</span>.
+
+   <li><p>If <var>owner policy</var>'s <span data-x="embedder-policy-report-only-value">report
+   only value</span> is "<code data-x="">require-corp</code>" and <var>policy</var>'s
+   <span data-x="embedder-policy-value">value</span> is "<code data-x="">unsafe-none</code>",
+   then <span>queue a Cross-Origin Embedder Policy violation on worker initialization</span>
+   with <var>request</var>, <var>owner's policy</var>'s <span
+   data-x="embedder-policy-report-only-reporting-endpoint">report only reporting endpoint</span>
+   and <var>owner</var>.</p></li>
+
+   <li><p>If <var>owner policy</var>'s <span data-x="embedder-policy-value">value</span> is
+   "<code data-x="">unsafe-none</code>" or <var>policy</var>'s
+   <span data-x="embedder-policy-value">value</span> is "<code data-x="">require-corp</code>",
+   then return "<code data-x="">allowed</code>".</p></li>
+
+   <li><p><span>Queue a Cross-Origin Embedder Policy violation on worker initialization</span>
+   with <var>request</var>, <var>owner's policy</var>'s
+   <span data-x="embedder-policy-reporting-endpoint">reporting endpoint</span> and
+   <var>owner</var>.</p></li>
+
+   <li><p>Return "<code data-x="">blocked</code>".</p></li>
+  </ol>
+
   <p>When a user agent is to <dfn data-export="">run a worker</dfn> for a script with
   <code>Worker</code> or <code>SharedWorker</code> object <var>worker</var>, <span>URL</span>
   <var>url</var>, <span>environment settings object</span> <var>outside settings</var>,
@@ -98103,6 +98201,11 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
      <span data-x="obtain an embedder policy">obtaining an embedder policy</span> from
      <var>response</var>.</p></li>
 
+     <li><p>If the result of <span data-x="check a global object's embedder policy">Checking a
+     global object's embedder policy</span> with <var>worker global scope</var>, <var>owner</var>
+     and <var>request</var> is "<code data-x="">blocked</code>", then set <var>response</var>
+     to a <span>network error</span>.
+
      <li><p>Execute the <span>Initialize a <code data-x="">global object</code>'s CSP list</span>
      algorithm on <var>worker global scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
 
@@ -120604,6 +120707,9 @@ INSERT INTERFACES HERE
    <dt id="refsMEDIASTREAM">[MEDIASTREAM]</dt>
    <dd><cite><a href="https://w3c.github.io/mediacapture-main/getusermedia.html">Media Capture and Streams</a></cite>, D. Burnett, A. Bergkvist, C. Jennings, A. Narayanan. W3C.</dd>
 
+   <dt id="refsREPORTING">[REPORTING]</dt>
+   <dd><cite><a href="https://w3c.github.io/reporting/">Reporting</a></cite>, D. Creager, I. Clelland, M. West. W3C.</dd>
+
    <dt id="refsMFREL">[MFREL]</dt>
    <dd><cite><a href="http://microformats.org/wiki/existing-rel-values#HTML5_link_type_extensions">Microformats Wiki: existing rel values</a></cite>. Microformats.</dd>
 
