noamr
commented
1 year ago It's unfortunate these have to be separate algorithms. I was hoping we could do CSP checks as part of the normal "obtain a connection" routine.
We can do that but then there would be double CSP checks, one for the request and one for the "fake" request, or we can add a flag to obtain/resolve of whether to perform the CSP check.
Preconnect & dns-prefetch test a fake prefetch request for CSP, and then obtain a connection/resolve an origin.
See whatwg/html#9035
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff