CachedResourceRequest::setAsPotentiallyCrossOrigin() mixes the concepts of CORS settings states (No CORS, Anonymous and Use Credentials) and module script credentials mode ("omit", "same-origin", and "include") into an algorithm that has a passing resemblance of the algorithm Create a potential-CORS request from the HTML standard: <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018). Although the standard describes a mapping between CORS settings states and module script credentials modes it is error prone and confusing for setAsPotentiallyCrossOrigin() to support both concepts, called a "cross origin mode", as input to it. We should separate these concepts and more closely implement the algorithm Create a potential-CORS request from the HTML standard.
Created attachment 348795 [details] Patch
Comment on attachment 348795 [details] Patch Clearing flags on attachment: 348795 Committed r235617: <https://trac.webkit.org/changeset/235617>
All reviewed patches have been landed. Closing bug.
<rdar://problem/44101478>