corsMode is declared in one of the substeps in the step 4 but referenced from the step 5. Instead, it should be declared at the top level and modified by the step 4.
I also think the step 5 should be part of the step 4.
headerList should be initialized as an empty header list, not null.
So, it should be:
Let fetchMode be "no-cors".
Let headerList be a new empty header list.
If data is not null:
Extract ...
If the amount ...
If mimeType is not null:
If Content-Type/mimeType is not a CORS-safelisted request-header, set fetchMode to "cors".
/cc @yutakahirano
https://w3c.github.io/beacon/#sec-processing-model
corsMode is declared in one of the substeps in the step 4 but referenced from the step 5. Instead, it should be declared at the top level and modified by the step 4.
I also think the step 5 should be part of the step 4.
headerList should be initialized as an empty header list, not null.
So, it should be:
no-cors
".Content-Type
/mimeType is not a CORS-safelisted request-header, set fetchMode to "cors
".Content-Type
/mimeType to headerList.