diff --git a/fetch.bs b/fetch.bs
index 1668dda27..94a51a630 100755
--- a/fetch.bs
+++ b/fetch.bs
@@ -66,6 +66,9 @@ urlPrefix:https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-layered-cooki
 url:name-retrieve-cookies;text:retrieve cookies
 url:name-serialize-cookies;text:serialize cookies
 url:name-garbage-collect-cookies;text:garbage collect cookies
+
+urlPrefix:https://www.rfc-editor.org/rfc/rfc6454;type:dfn;spec:RFC6454
+ url:section-7.1;text:serialized-origin
@@ -3601,9 +3604,59 @@ request header indicates where aIts possible values are all the return values of -byte-serializing a request origin, given a request. +byte-serializing a request origin, given a request. These are represented by +the following ABNF: + +
+ ++serialized-ipv4 = dec-octet "." dec-octet "." dec-octet "." dec-octet +dec-octet = DIGIT ; 0-9 + / %x31-39 DIGIT ; 10-99 + / "1" 2DIGIT ; 100-199 + / "2" %x30-34 DIGIT ; 200-249 + / "25" %x30-35 ; 250-255 + +serialized-ipv6 = 7( h16 ":" ) h16 + / "::" 5( h16 ":" ) h16 + / [ h16 ] "::" 4( h16 ":" ) h16 + / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) h16 + / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) h16 + / [ *3( h16 ":" ) h16 ] "::" h16 ":" h16 + / [ *4( h16 ":" ) h16 ] "::" h16 + / [ *5( h16 ":" ) h16 ] "::" +h16 = "0" / ( non-zero-hex 0*3hex ) +non-zero-hex = %x31-39 / %x61-66 ; '1'-'9' or lowercase 'a'-'f' +hex = %x30-39 / %x61-66 ; '0'-'9' or lowercase 'a'-'f + +lower-alpha = %x61-7A +lower-alphanum = lower-alpha / DIGIT +domain-label = lower-alphanum / ( lower-alphanum *( lower-alphanum / "-" ) lower-alphanum ) +serialized-domain = *( domain-label "." ) domain-label + +serialized-scheme = lower-alpha *( lower-alphanum / "+" / "-" / "." ) +serialized-host = serialized-ipv4 / "[" serialized-ipv6 "]" / serialized-domain +serialized-port = 1*5DIGIT + +serialized-origin = serialized-scheme "://" serialized-host [ ":" serialized-port ] +origin-or-null = serialized-origin / %s"null" ; case-sensitive + +Origin = origin-or-null ++This supplants the definition in The Web Origin Concept. [[ORIGIN]] -
This supplants the definition in The Web Origin Concept. [[ORIGIN]] +
The origin serialization defined here is more constrained than [[RFC3986]]'s grammar in two +substantial ways. First, scheme and domains serializations are all lower case ASCII, without +percent encoding. Second, following the recommendations of [[URL#host-serializing]] and [[RFC5952]], +IPv6 addresses are limited as follows: + +
+
+- The least-significant digits cannot be represented as an IPv4 address. +
- Leading zeros are forbidden. +
- All hex characters are lowercase. +
- "::" can't elide only a single "0" block, so we allow at most 6 blocks when "::" is present. +
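Review bot: `serialized-port = 1*5DIGIT` in the new ABNF accepts leading zeros and values above 65535 (`00080`, `99999`), which a URL serializer would presumably never emit, so the grammar is a superset of the "return values of byte-serializing a request origin" that the preceding sentence says it represents. The same holds for `serialized-ipv6`, which admits non-canonical compressions such as `::0:0:0:0:0:1`, and for `serialized-domain`, which also matches dotted-decimal strings like `999.1.1.1` that `serialized-ipv4` rejects. A server that treats conformance to this ABNF as proof of a canonical origin could end up with two accepted spellings of one origin or with allowlist entries that never match. I would tighten the port to `serialized-port = "0" / ( %x31-39 0*4DIGIT )` and add a bullet to the list that follows the ABNF, stating that the grammar is only a syntactic bound and that receivers should compare the header byte-for-byte against serialized origins. Separately, the `hex` comment is missing its closing quote (`'a'-'f'`), and "scheme and domains serializations" should read "scheme and domain serializations".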
@@ -3816,8 +3869,9 @@ tactics can differ between the response to the CORS-preflight request and
 Access-Control-Request-Method = method
 Access-Control-Request-Headers = 1#field-name
-wildcard = "*"
-Access-Control-Allow-Origin = origin-or-null / wildcard
+wildcard = "*"
+Access-Control-Allow-Origin = origin-or-null / wildcard
+
 Access-Control-Allow-Credentials = %s"true" ; case-sensitive
 Access-Control-Expose-Headers = #field-name
 Access-Control-Max-Age = delta-seconds