ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
160 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 2a98883031
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2a98883031'
${ noResults }
server_playground/doc/www.w3.org/TR/html5/fetching-resources.html

760 lines
37 KiB
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US-x-Hixie" ><head><title>2.7 Fetching resources &#8212; HTML5 </title><style type="text/css">
pre { margin-left: 2em; white-space: pre-wrap; }
h2 { margin: 3em 0 1em 0; }
h3 { margin: 2.5em 0 1em 0; }
h4 { margin: 2.5em 0 0.75em 0; }
h5, h6 { margin: 2.5em 0 1em; }
h1 + h2, h1 + h2 + h2 { margin: 0.75em 0 0.75em; }
h2 + h3, h3 + h4, h4 + h5, h5 + h6 { margin-top: 0.5em; }
p { margin: 1em 0; }
hr:not(.top) { display: block; background: none; border: none; padding: 0; margin: 2em 0; height: auto; }
dl, dd { margin-top: 0; margin-bottom: 0; }
dt { margin-top: 0.75em; margin-bottom: 0.25em; clear: left; }
dt + dt { margin-top: 0; }
dd dt { margin-top: 0.25em; margin-bottom: 0; }
dd p { margin-top: 0; }
dd dl + p { margin-top: 1em; }
dd table + p { margin-top: 1em; }
p + * > li, dd li { margin: 1em 0; }
dt, dfn { font-weight: bold; font-style: normal; }
dt dfn { font-style: italic; }
pre, code { font-size: inherit; font-family: monospace; font-variant: normal; }
pre strong { color: black; font: inherit; font-weight: bold; background: yellow; }
pre em { font-weight: bolder; font-style: normal; }
@media screen { code { color: orangered; } code :link, code :visited { color: inherit; } }
var sub { vertical-align: bottom; font-size: smaller; position: relative; top: 0.1em; }
table { border-collapse: collapse; border-style: hidden hidden none hidden; }
table thead, table tbody { border-bottom: solid; }
table tbody th:first-child { border-left: solid; }
table tbody th { text-align: left; }
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; }
blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; }
.bad, .bad *:not(.XXX) { color: gray; border-color: gray; background: transparent; }
.matrix, .matrix td { border: none; text-align: right; }
.matrix { margin-left: 2em; }
.dice-example { border-collapse: collapse; border-style: hidden solid solid hidden; border-width: thin; margin-left: 3em; }
.dice-example caption { width: 30em; font-size: smaller; font-style: italic; padding: 0.75em 0; text-align: left; }
.dice-example td, .dice-example th { border: solid thin; width: 1.35em; height: 1.05em; text-align: center; padding: 0; }
.toc dfn, h1 dfn, h2 dfn, h3 dfn, h4 dfn, h5 dfn, h6 dfn { font: inherit; }
img.extra { float: right; }
pre.idl { border: solid thin; background: #EEEEEE; color: black; padding: 0.5em 1em; }
pre.idl :link, pre.idl :visited { color: inherit; background: transparent; }
pre.css { border: solid thin; background: #FFFFEE; color: black; padding: 0.5em 1em; }
pre.css:first-line { color: #AAAA50; }
dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
hr + dl.domintro, div.impl + dl.domintro { margin-top: 2.5em; margin-bottom: 1.5em; }
dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; }
dl.domintro dd p { margin: 0.5em 0; }
dl.switch { padding-left: 2em; }
dl.switch > dt { text-indent: -1.5em; }
dl.switch > dt:before { content: '\21AA'; padding: 0 0.5em 0 0; display: inline-block; width: 1em; text-align: right; line-height: 0.5em; }
dl.triple { padding: 0 0 0 1em; }
dl.triple dt, dl.triple dd { margin: 0; display: inline }
dl.triple dt:after { content: ':'; }
dl.triple dd:after { content: '\A'; white-space: pre; }
.diff-old { text-decoration: line-through; color: silver; background: transparent; }
.diff-chg, .diff-new { text-decoration: underline; color: green; background: transparent; }
a .diff-new { border-bottom: 1px blue solid; }
h2 { page-break-before: always; }
h1, h2, h3, h4, h5, h6 { page-break-after: avoid; }
h1 + h2, hr + h2.no-toc { page-break-before: auto; }
p > span:not([title=""]):not([class="XXX"]):not([class="impl"]):not([class="note"]),
li > span:not([title=""]):not([class="XXX"]):not([class="impl"]):not([class="note"]), { border-bottom: solid #9999CC; }
div.head { margin: 0 0 1em; padding: 1em 0 0 0; }
div.head p { margin: 0; }
div.head h1 { margin: 0; }
div.head .logo { float: right; margin: 0 1em; }
div.head .logo img { border: none } /* remove border from top image */
div.head dl { margin: 1em 0; }
div.head p.copyright, div.head p.alt { font-size: x-small; font-style: oblique; margin: 0; }
body > .toc > li { margin-top: 1em; margin-bottom: 1em; }
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; }
body > .toc > li > * { margin-bottom: 0.5em; }
body > .toc > li > * > li > * { margin-bottom: 0.25em; }
.toc, .toc li { list-style: none; }
.brief { margin-top: 1em; margin-bottom: 1em; line-height: 1.1; }
.brief li { margin: 0; padding: 0; }
.brief li p { margin: 0; padding: 0; }
.category-list { margin-top: -0.75em; margin-bottom: 1em; line-height: 1.5; }
.category-list::before { content: '\21D2\A0'; font-size: 1.2em; font-weight: 900; }
.category-list li { display: inline; }
.category-list li:not(:last-child)::after { content: ', '; }
.category-list li > span, .category-list li > a { text-transform: lowercase; }
.category-list li * { text-transform: none; } /* don't affect <code> nested in <a> */
.XXX { color: #E50000; background: white; border: solid red; padding: 0.5em; margin: 1em 0; }
.XXX > :first-child { margin-top: 0; }
p .XXX { line-height: 3em; }
.annotation { border: solid thin black; background: #0C479D; color: white; position: relative; margin: 8px 0 20px 0; }
.annotation:before { position: absolute; left: 0; top: 0; width: 100%; height: 100%; margin: 6px -6px -6px 6px; background: #333333; z-index: -1; content: ''; }
.annotation :link, .annotation :visited { color: inherit; }
.annotation :link:hover, .annotation :visited:hover { background: transparent; }
.annotation span { border: none ! important; }
.note { color: green; background: transparent; font-family: sans-serif; }
.warning { color: red; background: transparent; }
.note, .warning { font-weight: bolder; font-style: italic; }
p.note, div.note { padding: 0.5em 2em; }
span.note { padding: 0 2em; }
.note p:first-child, .warning p:first-child { margin-top: 0; }
.note p:last-child, .warning p:last-child { margin-bottom: 0; }
.warning:before { font-style: normal; }
p.note:before { content: 'Note: '; }
p.warning:before { content: '\26A0 Warning! '; }
.bookkeeping:before { display: block; content: 'Bookkeeping details'; font-weight: bolder; font-style: italic; }
.bookkeeping { font-size: 0.8em; margin: 2em 0; }
.bookkeeping p { margin: 0.5em 2em; display: list-item; list-style: square; }
.bookkeeping dt { margin: 0.5em 2em 0; }
.bookkeeping dd { margin: 0 3em 0.5em; }
h4 { position: relative; z-index: 3; }
h4 + .element, h4 + div + .element { margin-top: -2.5em; padding-top: 2em; }
.element {
background: #EEEEFF;
color: black;
margin: 0 0 1em 0.15em;
padding: 0 1em 0.25em 0.75em;
border-left: solid #9999FF 0.25em;
position: relative;
z-index: 1;
}
.element:before {
position: absolute;
z-index: 2;
top: 0;
left: -1.15em;
height: 2em;
width: 0.9em;
background: #EEEEFF;
content: ' ';
border-style: none none solid solid;
border-color: #9999FF;
border-width: 0.25em;
}
.example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; }
td > .example:only-child { margin: 0 0 0 0.1em; }
ul.domTree, ul.domTree ul { padding: 0 0 0 1em; margin: 0; }
ul.domTree li { padding: 0; margin: 0; list-style: none; position: relative; }
ul.domTree li li { list-style: none; }
ul.domTree li:first-child::before { position: absolute; top: 0; height: 0.6em; left: -0.75em; width: 0.5em; border-style: none none solid solid; content: ''; border-width: 0.1em; }
ul.domTree li:not(:last-child)::after { position: absolute; top: 0; bottom: -0.6em; left: -0.75em; width: 0.5em; border-style: none none solid solid; content: ''; border-width: 0.1em; }
ul.domTree span { font-style: italic; font-family: serif; }
ul.domTree .t1 code { color: purple; font-weight: bold; }
ul.domTree .t2 { font-style: normal; font-family: monospace; }
ul.domTree .t2 .name { color: black; font-weight: bold; }
ul.domTree .t2 .value { color: blue; font-weight: normal; }
ul.domTree .t3 code, .domTree .t4 code, .domTree .t5 code { color: gray; }
ul.domTree .t7 code, .domTree .t8 code { color: green; }
ul.domTree .t10 code { color: teal; }
body.dfnEnabled dfn { cursor: pointer; }
.dfnPanel {
display: inline;
position: absolute;
z-index: 10;
height: auto;
width: auto;
padding: 0.5em 0.75em;
font: small sans-serif, Droid Sans Fallback;
background: #DDDDDD;
color: black;
border: outset 0.2em;
}
.dfnPanel * { margin: 0; padding: 0; font: inherit; text-indent: 0; }
.dfnPanel :link, .dfnPanel :visited { color: black; }
.dfnPanel p { font-weight: bolder; }
.dfnPanel * + p { margin-top: 0.25em; }
.dfnPanel li { list-style-position: inside; }
#configUI { position: absolute; z-index: 20; top: 10em; right: 1em; width: 11em; font-size: small; }
#configUI p { margin: 0.5em 0; padding: 0.3em; background: #EEEEEE; color: black; border: inset thin; }
#configUI p label { display: block; }
#configUI #updateUI, #configUI .loginUI { text-align: center; }
#configUI input[type=button] { display: block; margin: auto; }
fieldset { margin: 1em; padding: 0.5em 1em; }
fieldset > legend + * { margin-top: 0; }
fieldset > :last-child { margin-bottom: 0; }
fieldset p { margin: 0.5em 0; }
.stability {
position: fixed;
bottom: 0;
left: 0; right: 0;
margin: 0 auto 0 auto !important;
z-index: 1000;
width: 50%;
background: maroon; color: yellow;
-webkit-border-radius: 1em 1em 0 0;
-moz-border-radius: 1em 1em 0 0;
border-radius: 1em 1em 0 0;
-moz-box-shadow: 0 0 1em #500;
-webkit-box-shadow: 0 0 1em #500;
box-shadow: 0 0 1em red;
padding: 0.5em 1em;
text-align: center;
}
.stability strong {
display: block;
}
.stability input {
appearance: none; margin: 0; border: 0; padding: 0.25em 0.5em; background: transparent; color: black;
position: absolute; top: -0.5em; right: 0; font: 1.25em sans-serif; text-align: center;
}
.stability input:hover {
color: white;
text-shadow: 0 0 2px black;
}
.stability input:active {
padding: 0.3em 0.45em 0.2em 0.55em;
}
.stability :link, .stability :visited,
.stability :link:hover, .stability :visited:hover {
background: transparent;
color: white;
}
</style><link href="data:text/css,.impl%20%7B%20display:%20none;%20%7D%0Ahtml%20%7B%20border:%20solid%20yellow;%20%7D%20.domintro:before%20%7B%20display:%20none;%20%7D" id="author" rel="alternate stylesheet" title="Author documentation only"><link href="data:text/css,.impl%20%7B%20background:%20%23FFEEEE;%20%7D%20.domintro:before%20%7B%20background:%20%23FFEEEE;%20%7D" id="highlight" rel="alternate stylesheet" title="Highlight implementation
requirements"><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css"><style type="text/css">
.applies thead th > * { display: block; }
.applies thead code { display: block; }
.applies tbody th { whitespace: nowrap; }
.applies td { text-align: center; }
.applies .yes { background: yellow; }
.matrix, .matrix td { border: hidden; text-align: right; }
.matrix { margin-left: 2em; }
.dice-example { border-collapse: collapse; border-style: hidden solid solid hidden; border-width: thin; margin-left: 3em; }
.dice-example caption { width: 30em; font-size: smaller; font-style: italic; padding: 0.75em 0; text-align: left; }
.dice-example td, .dice-example th { border: solid thin; width: 1.35em; height: 1.05em; text-align: center; padding: 0; }
td.eg { border-width: thin; text-align: center; }
#table-example-1 { border: solid thin; border-collapse: collapse; margin-left: 3em; }
#table-example-1 * { font-family: "Essays1743", serif; line-height: 1.01em; }
#table-example-1 caption { padding-bottom: 0.5em; }
#table-example-1 thead, #table-example-1 tbody { border: none; }
#table-example-1 th, #table-example-1 td { border: solid thin; }
#table-example-1 th { font-weight: normal; }
#table-example-1 td { border-style: none solid; vertical-align: top; }
#table-example-1 th { padding: 0.5em; vertical-align: middle; text-align: center; }
#table-example-1 tbody tr:first-child td { padding-top: 0.5em; }
#table-example-1 tbody tr:last-child td { padding-bottom: 1.5em; }
#table-example-1 tbody td:first-child { padding-left: 2.5em; padding-right: 0; width: 9em; }
#table-example-1 tbody td:first-child::after { content: leader(". "); }
#table-example-1 tbody td { padding-left: 2em; padding-right: 2em; }
#table-example-1 tbody td:first-child + td { width: 10em; }
#table-example-1 tbody td:first-child + td ~ td { width: 2.5em; }
#table-example-1 tbody td:first-child + td + td + td ~ td { width: 1.25em; }
.apple-table-examples { border: none; border-collapse: separate; border-spacing: 1.5em 0em; width: 40em; margin-left: 3em; }
.apple-table-examples * { font-family: "Times", serif; }
.apple-table-examples td, .apple-table-examples th { border: none; white-space: nowrap; padding-top: 0; padding-bottom: 0; }
.apple-table-examples tbody th:first-child { border-left: none; width: 100%; }
.apple-table-examples thead th:first-child ~ th { font-size: smaller; font-weight: bolder; border-bottom: solid 2px; text-align: center; }
.apple-table-examples tbody th::after, .apple-table-examples tfoot th::after { content: leader(". ") }
.apple-table-examples tbody th, .apple-table-examples tfoot th { font: inherit; text-align: left; }
.apple-table-examples td { text-align: right; vertical-align: top; }
.apple-table-examples.e1 tbody tr:last-child td { border-bottom: solid 1px; }
.apple-table-examples.e1 tbody + tbody tr:last-child td { border-bottom: double 3px; }
.apple-table-examples.e2 th[scope=row] { padding-left: 1em; }
.apple-table-examples sup { line-height: 0; }
.details-example img { vertical-align: top; }
#base64-table {
white-space: nowrap;
font-size: 0.6em;
column-width: 6em;
column-count: 5;
column-gap: 1em;
-moz-column-width: 6em;
-moz-column-count: 5;
-moz-column-gap: 1em;
-webkit-column-width: 6em;
-webkit-column-count: 5;
-webkit-column-gap: 1em;
}
#base64-table thead { display: none; }
#base64-table * { border: none; }
#base64-table tbody td:first-child:after { content: ':'; }
#base64-table tbody td:last-child { text-align: right; }
#named-character-references-table {
white-space: nowrap;
font-size: 0.6em;
column-width: 30em;
column-gap: 1em;
-moz-column-width: 30em;
-moz-column-gap: 1em;
-webkit-column-width: 30em;
-webkit-column-gap: 1em;
}
#named-character-references-table > table > tbody > tr > td:first-child + td,
#named-character-references-table > table > tbody > tr > td:last-child { text-align: center; }
#named-character-references-table > table > tbody > tr > td:last-child:hover > span { position: absolute; top: auto; left: auto; margin-left: 0.5em; line-height: 1.2; font-size: 5em; border: outset; padding: 0.25em 0.5em; background: white; width: 1.25em; height: auto; text-align: center; }
#named-character-references-table > table > tbody > tr#entity-CounterClockwiseContourIntegral > td:first-child { font-size: 0.5em; }
.glyph.control { color: red; }
@font-face {
font-family: 'Essays1743';
src: url('http://www.whatwg.org/specs/web-apps/current-work/fonts/Essays1743.ttf');
}
@font-face {
font-family: 'Essays1743';
font-weight: bold;
src: url('http://www.whatwg.org/specs/web-apps/current-work/fonts/Essays1743-Bold.ttf');
}
@font-face {
font-family: 'Essays1743';
font-style: italic;
src: url('http://www.whatwg.org/specs/web-apps/current-work/fonts/Essays1743-Italic.ttf');
}
@font-face {
font-family: 'Essays1743';
font-style: italic;
font-weight: bold;
src: url('http://www.whatwg.org/specs/web-apps/current-work/fonts/Essays1743-BoldItalic.ttf');
}
</style><style type="text/css">
.domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: black; font-style: italic; border: solid 2px; background: white; padding: 0 0.25em; }
</style><script type="text/javascript">
function getCookie(name) {
var params = location.search.substr(1).split("&");
for (var index = 0; index < params.length; index++) {
if (params[index] == name)
return "1";
var data = params[index].split("=");
if (data[0] == name)
return unescape(data[1]);
}
var cookies = document.cookie.split("; ");
for (var index = 0; index < cookies.length; index++) {
var data = cookies[index].split("=");
if (data[0] == name)
return unescape(data[1]);
}
return null;
}
</script>
<script src="link-fixup.js" type="text/javascript"></script>
<link href="style.css" rel="stylesheet"><link href="urls.html" title="2.6 URLs" rel="prev">
<link href="spec.html#contents" title="Table of contents" rel="index">
<link href="common-dom-interfaces.html" title="2.8 Common DOM interfaces" rel="next">
</head><body><div class="head" id="head">
<div id="multipage-common">
<p class="stability" id="wip"><strong>This is a work in
progress!</strong> For the latest updates from the HTML WG, possibly
including important bug fixes, please look at the <a href="http://dev.w3.org/html5/spec/Overview.html">editor's draft</a> instead.
There may also be a more
<a href="http://www.w3.org/TR/html5">up-to-date Working Draft</a>
with changes based on resolution of Last Call issues.
<input onclick="closeWarning(this.parentNode)" type="button" value="&#9587;&#8413;"></p>
<script type="text/javascript">
function closeWarning(element) {
element.parentNode.removeChild(element);
var date = new Date();
date.setDate(date.getDate()+4);
document.cookie = 'hide-obsolescence-warning=1; expires=' + date.toGMTString();
}
if (getCookie('hide-obsolescence-warning') == '1')
setTimeout(function () { document.getElementById('wip').parentNode.removeChild(document.getElementById('wip')); }, 2000);
</script></div>
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
</div><div>
<a href="urls.html" class="prev">2.6 URLs</a> &#8211;
<a href="spec.html#contents">Table of contents</a> &#8211;
<a href="common-dom-interfaces.html" class="next">2.8 Common DOM interfaces</a>
<ol class="toc"><li><ol><li><a href="fetching-resources.html#fetching-resources"><span class="secno">2.7 </span>Fetching resources</a>
<ol><li><a href="fetching-resources.html#concept-http-equivalent"><span class="secno">2.7.1 </span>Protocol concepts</a></li><li><a href="fetching-resources.html#encrypted-http-and-related-security-concerns"><span class="secno">2.7.2 </span>Encrypted HTTP and related security concerns</a></li><li><a href="fetching-resources.html#content-type-sniffing"><span class="secno">2.7.3 </span>Determining the type of a resource</a></li><li><a href="fetching-resources.html#extracting-encodings-from-meta-elements"><span class="secno">2.7.4 </span>Extracting encodings from <code>meta</code> elements</a></li></ol></li></ol></li></ol></div>
<div class="impl">
<h3 id="fetching-resources"><span class="secno">2.7 </span>Fetching resources</h3>
<p>When a user agent is to <dfn id="fetch">fetch</dfn> a resource or
<a href="urls.html#url">URL</a>, optionally from an origin <i title="">origin</i>,
and optionally with a <i>synchronous flag</i>, a <i>manual redirect
flag</i>, a <i>force same-origin flag</i>, and/or a <i>block cookies
flag</i>, the following steps must be run. (When a <em>URL</em> is
to be fetched, the URL identifies a resource to be obtained.)</p>
<ol><li>
<p>Let <var title="">document</var> be the appropriate
<code><a href="infrastructure.html#document">Document</a></code> as given by the following list:</p>
<dl class="switch"><dt>When <a href="history.html#navigate" title="navigate">navigating</a></dt>
<dd>The <a href="browsers.html#active-document">active document</a> of the <a href="history.html#source-browsing-context">source browsing
context</a>.</dd>
<dt>When fetching resources for an element</dt>
<dd>The element's <code><a href="infrastructure.html#document">Document</a></code>.</dd>
<dt>When fetching resources in response to a call to an API</dt>
<dd>The <a href="browsers.html#entry-script">entry script</a>'s <a href="webappapis.html#script-s-document" title="script's
document">document</a>.</dd>
</dl></li>
<li>
<p>While <var title="">document</var> is <a href="the-iframe-element.html#an-iframe-srcdoc-document">an
<code>iframe</code> <code title="attr-iframe-srcdoc">srcdoc</code>
document</a>, let <var title="">document</var> be <var title="">document</var>'s <a href="browsers.html#browsing-context">browsing context</a>'s
<a href="browsers.html#browsing-context-container">browsing context container</a>'s <code><a href="infrastructure.html#document">Document</a></code>
instead.</p>
</li>
<li>
<p>Generate the <i>address of the resource from which Request-URIs
are obtained</i> as required by HTTP for the <code title="http-referer">Referer</code> (sic) header from <a href="dom.html#the-document-s-current-address">the
document's current address</a> of <var title="">document</var>.
<a href="references.html#refsHTTP">[HTTP]</a></p>
<p>Remove any <a href="urls.html#url-fragment" title="url-fragment">&lt;fragment&gt;</a>
component from the generated <i>address of the resource from which
Request-URIs are obtained</i>.</p>
<p>If the <a href="origin-0.html#origin">origin</a> of the appropriate
<code><a href="infrastructure.html#document">Document</a></code> is not a scheme/host/port tuple, then the
<code title="http-referer">Referer</code> (sic) header must be
omitted, regardless of its value.</p>
</li>
<li><p>If the algorithm was not invoked with the <i>synchronous
flag</i>, perform the remaining steps asynchronously.</p></li>
<li>
<p>This is the <i>main step</i>.</p>
<p>If the resource is identified by an <a href="urls.html#absolute-url">absolute URL</a>,
and the resource is to be obtained using an idempotent action
(such as an HTTP GET <a href="#concept-http-equivalent-get" title="concept-http-equivalent-get">or
equivalent</a>), and it is already being downloaded for other
reasons (e.g. another invocation of this algorithm), and this
request would be identical to the previous one (e.g. same <code title="http-accept">Accept</code> and <code title="http-origin">Origin</code> headers), and the user agent is
configured such that it is to reuse the data from the existing
download instead of initiating a new one, then use the results of
the existing download instead of starting a new one.</p>
<p>Otherwise, if the resource is identified by an <a href="urls.html#absolute-url">absolute
URL</a> with a scheme that does not define a mechanism to
obtain the resource (e.g. it is a <code title="">mailto:</code>
URL) or that the user agent does not support, then act as if the
resource was an HTTP 204 No Content response with no other
metadata.</p>
<p>Otherwise, if the resource is identified by the
<a href="urls.html#url">URL</a> <dfn id="about:blank"><code>about:blank</code></dfn>, then the
resource is immediately available and consists of the empty
string, with no metadata.</p>
<p>Otherwise, at a time convenient to the user and the user agent,
download (or otherwise obtain) the resource, applying the
semantics of the relevant specifications (e.g. performing an HTTP
GET or POST operation, or reading the file from disk, <a href="webappapis.html#concept-js-deref" title="concept-js-deref">dereferencing <span title="javascript
protocol"><code title="">javascript:</code> URLs</span></a>,
etc).</p>
<p>For the purposes of the <code title="http-referer">Referer</code> (sic) header, use the
<i>address of the resource from which Request-URIs are
obtained</i> generated in the earlier step.</p>
<p>For the purposes of the <code title="http-origin">Origin</code>
header, if the <a href="#fetch" title="fetch">fetching algorithm</a> was
explicitly initiated from an <i title="">origin</i>, then <i title="">the origin that initiated the HTTP request</i> is <i title="">origin</i>. Otherwise, this is <i title="">a request from
a "privacy-sensitive" context</i>. <a href="references.html#refsORIGIN">[ORIGIN]</a></p>
</li>
<li>
<p>If the algorithm was not invoked with the <i>block cookies
flag</i>, and there are cookies to be set, then the user agent
must run the following substeps:</p>
<ol><li><p>Wait until ownership of the <a href="webappapis.html#storage-mutex">storage mutex</a> can
be taken by this instance of the <a href="#fetch" title="fetch">fetching</a> algorithm.</p></li>
<li><p>Take ownership of the <a href="webappapis.html#storage-mutex">storage mutex</a>.</p></li>
<li><p>Update the cookies. <a href="references.html#refsCOOKIES">[COOKIES]</a></p></li>
<li><p>Release the <a href="webappapis.html#storage-mutex">storage mutex</a> so that it is once
again free.</p></li>
</ol></li>
<li>
<p>If the fetched resource is an HTTP redirect <a href="#concept-http-equivalent-codes" title="concept-http-equivalent-codes">or equivalent</a>,
then:</p>
<dl class="switch"><dt>If the <i>force same-origin flag</i> is set and the
<a href="urls.html#url">URL</a> of the target of the redirect does not have the
<a href="origin-0.html#same-origin">same origin</a> as the <a href="urls.html#url">URL</a> for which the
<a href="#fetch">fetch</a> algorithm was invoked</dt>
<dd>
<p>Abort these steps and return failure from this algorithm, as
if the remote host could not be contacted.</p>
</dd>
<dt>If the <i>manual redirect flag</i> is set</dt>
<dd>
<p>Continue, using the fetched resource (the redirect) as the
result of the algorithm.</p>
</dd>
<dt>Otherwise</dt>
<dd>
<p>First, apply any relevant requirements for redirects (such as
showing any appropriate prompts). Then, redo <i>main step</i>,
but using the target of the redirect as the resource to fetch,
rather than the original resource.</p>
<p class="note">The HTTP specification requires that 301, 302,
and 307 redirects, when applied to methods other than the safe
methods, not be followed without user confirmation. That would
be an appropriate prompt for the purposes of the requirement in
the paragraph above. <a href="references.html#refsHTTP">[HTTP]</a></p>
</dd>
</dl></li>
<li>
<p>If the algorithm was not invoked with the <i>synchronous
flag</i>: When the resource is available, or if there is an error
of some description, <a href="webappapis.html#queue-a-task">queue a task</a> that uses the
resource as appropriate. If the resource can be processed
incrementally, as, for instance, with a progressively interlaced
JPEG or an HTML file, additional tasks may be queued to process
the data as it is downloaded. The <a href="webappapis.html#task-source">task source</a> for
these <a href="webappapis.html#concept-task" title="concept-task">tasks</a> is the
<a href="webappapis.html#networking-task-source">networking task source</a>.</p>
<p>Otherwise, return the resource or error information to the
calling algorithm.</p>
</li>
</ol><p>If the user agent can determine the actual length of the resource
being <a href="#fetch" title="fetch">fetched</a> for an instance of this
algorithm, and if that length is finite, then that length is the
file's <dfn id="concept-fetch-total" title="concept-fetch-total">size</dfn>. Otherwise, the
subject of the algorithm (that is, the resource being fetched) has
no known <a href="#concept-fetch-total" title="concept-fetch-total">size</a>. (For
example, the HTTP <code title="http-content-length">Content-Length</code> header might
provide this information.)</p>
<p>The user agent must also keep track of the <dfn id="concept-fetch-loaded" title="concept-fetch-loaded">number of bytes downloaded</dfn> for
each instance of this algorithm. This number must exclude any
out-of-band metadata, such as HTTP headers.</p>
<p class="note">The <a href="offline.html#application-cache">application cache</a> processing model
introduces some <a href="offline.html#changesToNetworkingModel">changes to the
networking model</a> to handle the returning of cached
resources.</p>
<p class="note">The <a href="history.html#navigate" title="navigate">navigation</a>
processing model handles redirects itself, overriding the
redirection handling that would be done by the fetching
algorithm.</p>
<p class="note">Whether the <a href="#content-type-sniffing">type
sniffing rules</a> apply to the fetched resource depends on the
algorithm that invokes the rules &#8212; they are not always
applicable.</p>
<h4 id="concept-http-equivalent"><span class="secno">2.7.1 </span>Protocol concepts</h4>
<p>User agents can implement a variety of transfer protocols, but
this specification mostly defines behavior in terms of HTTP. <a href="references.html#refsHTTP">[HTTP]</a></p>
<p>The <dfn id="concept-http-equivalent-get" title="concept-http-equivalent-get">HTTP GET
method</dfn> is equivalent to the default retrieval action of the
protocol. For example, RETR in FTP. Such actions are idempotent and
safe, in HTTP terms.</p>
<p>The <dfn id="concept-http-equivalent-codes" title="concept-http-equivalent-codes">HTTP response
codes</dfn> are equivalent to statuses in other protocols that have
the same basic meanings. For example, a "file not found" error is
equivalent to a 404 code, a server error is equivalent to a 5xx
code, and so on.</p>
<p>The <dfn id="concept-http-equivalent-headers" title="concept-http-equivalent-headers">HTTP
headers</dfn> are equivalent to fields in other protocols that have
the same basic meaning. For example, the HTTP authentication
headers are equivalent to the authentication aspects of the FTP
protocol.</p>
<h4 id="encrypted-http-and-related-security-concerns"><span class="secno">2.7.2 </span>Encrypted HTTP and related security concerns</h4>
<p>Anything in this specification that refers to HTTP also applies
to HTTP-over-TLS, as represented by <a href="urls.html#url" title="url">URLs</a>
representing the <code title="">https</code> scheme.</p>
<p class="warning">User agents should report certificate errors to
the user and must either refuse to download resources sent with
erroneous certificates or must act as if such resources were in fact
served with no encryption.</p>
<p>User agents should warn the user that there is a potential
problem whenever the user visits a page that the user has previously
visited, if the page uses less secure encryption on the second
visit.</p>
<p>Not doing so can result in users not noticing man-in-the-middle
attacks.</p>
<div class="example">
<p>If a user connects to a server with a self-signed certificate,
the user agent could allow the connection but just act as if there
had been no encryption. If the user agent instead allowed the user
to override the problem and then displayed the page as if it was
fully and safely encrypted, the user could be easily tricked into
accepting man-in-the-middle connections.</p>
<p>If a user connects to a server with full encryption, but the
page then refers to an external resource that has an expired
certificate, then the user agent will act as if the resource was
unavailable, possibly also reporting the problem to the user. If
the user agent instead allowed the resource to be used, then an
attacker could just look for "secure" sites that used resources
from a different host and only apply man-in-the-middle attacks to
that host, for example taking over scripts in the page.</p>
<p>If a user bookmarks a site that uses a CA-signed certificate,
and then later revisits that site directly but the site has started
using a self-signed certificate, the user agent could warn the user
that a man-in-the-middle attack is likely underway, instead of
simply acting as if the page was not encrypted.</p>
</div>
<h4 id="content-type-sniffing"><span class="secno">2.7.3 </span>Determining the type of a resource</h4>
<p>The <dfn id="content-type" title="Content-Type">Content-Type metadata</dfn> of a
resource must be obtained and interpreted in a manner consistent
with the requirements of the Media Type Sniffing
specification. <a href="references.html#refsMIMESNIFF">[MIMESNIFF]</a></p>
<p>The <dfn id="content-type-sniffing-0" title="Content-Type sniffing">sniffed type of a
resource</dfn> must be found in a manner consistent with the
requirements given in the Media Type Sniffing
specification for finding the <i>sniffed-type</i> of the relevant
sequence of octets. <a href="references.html#refsMIMESNIFF">[MIMESNIFF]</a></p>
<p>The <dfn id="content-type-sniffing:-image" title="Content-Type sniffing: image">rules for sniffing
images specifically</dfn> and the <dfn id="content-type-sniffing:-text-or-binary" title="Content-Type sniffing:
text or binary">rules for distinguishing if a resource is text or
binary</dfn> are also defined in the Media Type Sniffing
specification. Both sets of rules return a <a href="infrastructure.html#mime-type">MIME type</a> as
their result. <a href="references.html#refsMIMESNIFF">[MIMESNIFF]</a></p>
<p class="warning">It is imperative that the rules in the
Media Type Sniffing specification be followed
exactly. When a user agent uses different heuristics for content
type detection than the server expects, security problems can
occur. For more details, see the Media Type Sniffing
specification. <a href="references.html#refsMIMESNIFF">[MIMESNIFF]</a></p>
<h4 id="extracting-encodings-from-meta-elements"><span class="secno">2.7.4 </span>Extracting encodings from <code><a href="semantics.html#the-meta-element">meta</a></code> elements</h4>
<p>The <dfn id="algorithm-for-extracting-an-encoding-from-a-meta-element">algorithm for extracting an encoding from a
<code>meta</code> element</dfn>, given a string <var title="">s</var>, is as follows. It either returns an encoding or
nothing.</p>
<ol><li><p>Let <var title="">position</var> be a pointer into <var title="">s</var>, initially pointing at the start of the
string.</p></li>
<li><p><i>Loop</i>: Find the first seven characters in <var title="">s</var> after <var title="">position</var> that are an
<a href="infrastructure.html#ascii-case-insensitive">ASCII case-insensitive</a> match for the word "<code title="">charset</code>". If no such match is found, return nothing
and abort these steps.</p></li>
<li><p>Skip any U+0009, U+000A, U+000C, U+000D, or U+0020
characters that immediately follow the word "<code title="">charset</code>" (there might not be any).</p></li>
<li><p>If the next character is not a U+003D EQUALS SIGN ('='),
then move <var title="">position</var> to point just before that
next character, and jump back to the step labeled
<i>loop</i>.</p></li>
<li><p>Skip any U+0009, U+000A, U+000C, U+000D, or U+0020
characters that immediately follow the equals sign (there might not
be any).</p></li>
<li>
<p>Process the next character as follows:</p>
<dl class="switch"><dt>If it is a U+0022 QUOTATION MARK ('"') and there is a later U+0022 QUOTATION MARK ('"') in <var title="">s</var></dt>
<dt>If it is a U+0027 APOSTROPHE ("'") and there is a later U+0027 APOSTROPHE ("'") in <var title="">s</var></dt>
<dd>Return the encoding corresponding to the string between this character and the next earliest occurrence of this character.</dd>
<dt>If it is an unmatched U+0022 QUOTATION MARK ('"')</dt>
<dt>If it is an unmatched U+0027 APOSTROPHE ("'")</dt>
<dt>If there is no next character</dt>
<dd>Return nothing.</dd>
<dt>Otherwise</dt>
<dd>Return the encoding corresponding to the string from this
character to the first U+0009, U+000A, U+000C, U+000D, U+0020, or
U+003B character or the end of <var title="">s</var>, whichever
comes first.</dd>
</dl></li>
</ol><p class="note">This algorithm is distinct from those in the HTTP
specification (for example, HTTP doesn't allow the use of single
quotes and requires supporting a backslash-escape mechanism that is
not supported by this algorithm). While the algorithm is used in contexts
that, historically, were related to HTTP, the syntax as supported by
implementations diverged some time ago. <a href="references.html#refsHTTP">[HTTP]</a></p>
</div></body></html>