From 55315d72f7382f57368b8d6126a2ff7cd237fbe8 Mon Sep 17 00:00:00 2001
From: Linus Groh <mail@linusgroh.de>
Date: Sun, 30 Oct 2022 14:41:36 +0000
Subject: [PATCH] LibWeb: Explain the use-URL-credentials flag

This is a change in the Fetch spec.

See: https://github.com/whatwg/fetch/commit/a388348
---
 .../Fetch/Infrastructure/HTTP/Requests.h      | 61 +++++++++++++------
 1 file changed, 43 insertions(+), 18 deletions(-)

diff --git a/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.h b/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.h
index 2bca0f6bda..0ad42e75c6 100644
--- a/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.h
+++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.h
@@ -332,7 +332,8 @@ private:
     HTML::EnvironmentSettingsObject* m_client { nullptr };
 
     // https://fetch.spec.whatwg.org/#concept-request-reserved-client
-    // A request has an associated reserved client (null, an environment, or an environment settings object). Unless stated otherwise it is null.
+    // A request has an associated reserved client (null, an environment, or an environment settings object). Unless
+    // stated otherwise it is null.
     ReservedClientType m_reserved_client;
 
     // https://fetch.spec.whatwg.org/#concept-request-replaces-client-id
@@ -340,7 +341,8 @@ private:
     String m_replaces_client_id { String::empty() };
 
     // https://fetch.spec.whatwg.org/#concept-request-window
-    // A request has an associated window ("no-window", "client", or an environment settings object whose global object is a Window object). Unless stated otherwise it is "client".
+    // A request has an associated window ("no-window", "client", or an environment settings object whose global object
+    // is a Window object). Unless stated otherwise it is "client".
     WindowType m_window { Window::Client };
 
     // https://fetch.spec.whatwg.org/#request-keepalive-flag
@@ -348,7 +350,9 @@ private:
     bool m_keepalive { false };
 
     // https://fetch.spec.whatwg.org/#request-initiator-type
-    // A request has an associated initiator type, which is null, "audio", "beacon", "body", "css", "early-hint", "embed", "fetch", "font", "frame", "iframe", "image", "img", "input", "link", "object", "ping", "script", "track", "video", "xmlhttprequest", or "other". Unless stated otherwise it is null. [RESOURCE-TIMING]
+    // A request has an associated initiator type, which is null, "audio", "beacon", "body", "css", "early-hint",
+    // "embed", "fetch", "font", "frame", "iframe", "image", "img", "input", "link", "object", "ping", "script",
+    // "track", "video", "xmlhttprequest", or "other". Unless stated otherwise it is null. [RESOURCE-TIMING]
     Optional<InitiatorType> m_initiator_type;
 
     // https://fetch.spec.whatwg.org/#request-service-workers-mode
@@ -356,12 +360,17 @@ private:
     ServiceWorkersMode m_service_workers_mode { ServiceWorkersMode::All };
 
     // https://fetch.spec.whatwg.org/#concept-request-initiator
-    // A request has an associated initiator, which is the empty string, "download", "imageset", "manifest", "prefetch", "prerender", or "xslt". Unless stated otherwise it is the empty string.
+    // A request has an associated initiator, which is the empty string, "download", "imageset", "manifest",
+    // "prefetch", "prerender", or "xslt". Unless stated otherwise it is the empty string.
     Optional<Initiator> m_initiator;
 
     // https://fetch.spec.whatwg.org/#concept-request-destination
-    // A request has an associated destination, which is the empty string, "audio", "audioworklet", "document", "embed", "font", "frame", "iframe", "image", "manifest", "object", "paintworklet", "report", "script", "serviceworker", "sharedworker", "style", "track", "video", "webidentity", "worker", or "xslt". Unless stated otherwise it is the empty string.
-    // NOTE: These are reflected on RequestDestination except for "serviceworker" and "webidentity" as fetches with those destinations skip service workers.
+    // A request has an associated destination, which is the empty string, "audio", "audioworklet", "document",
+    // "embed", "font", "frame", "iframe", "image", "manifest", "object", "paintworklet", "report", "script",
+    // "serviceworker", "sharedworker", "style", "track", "video", "webidentity", "worker", or "xslt". Unless stated
+    // otherwise it is the empty string.
+    // NOTE: These are reflected on RequestDestination except for "serviceworker" and "webidentity" as fetches with
+    //       those destinations skip service workers.
     Optional<Destination> m_destination;
 
     // https://fetch.spec.whatwg.org/#concept-request-priority
@@ -373,19 +382,23 @@ private:
     OriginType m_origin { Origin::Client };
 
     // https://fetch.spec.whatwg.org/#concept-request-policy-container
-    // A request has an associated policy container, which is "client" or a policy container. Unless stated otherwise it is "client".
+    // A request has an associated policy container, which is "client" or a policy container. Unless stated otherwise
+    // it is "client".
     PolicyContainerType m_policy_container { PolicyContainer::Client };
 
     // https://fetch.spec.whatwg.org/#concept-request-referrer
-    // A request has an associated referrer, which is "no-referrer", "client", or a URL. Unless stated otherwise it is "client".
+    // A request has an associated referrer, which is "no-referrer", "client", or a URL. Unless stated otherwise it is
+    // "client".
     ReferrerType m_referrer { Referrer::Client };
 
     // https://fetch.spec.whatwg.org/#concept-request-referrer-policy
-    // A request has an associated referrer policy, which is a referrer policy. Unless stated otherwise it is the empty string.
+    // A request has an associated referrer policy, which is a referrer policy. Unless stated otherwise it is the empty
+    // string.
     Optional<ReferrerPolicy::ReferrerPolicy> m_referrer_policy;
 
     // https://fetch.spec.whatwg.org/#concept-request-mode
-    // A request has an associated mode, which is "same-origin", "cors", "no-cors", "navigate", or "websocket". Unless stated otherwise, it is "no-cors".
+    // A request has an associated mode, which is "same-origin", "cors", "no-cors", "navigate", or "websocket". Unless
+    // stated otherwise, it is "no-cors".
     Mode m_mode { Mode::NoCORS };
 
     // https://fetch.spec.whatwg.org/#use-cors-preflight-flag
@@ -393,19 +406,26 @@ private:
     bool m_use_cors_preflight { false };
 
     // https://fetch.spec.whatwg.org/#concept-request-credentials-mode
-    // A request has an associated credentials mode, which is "omit", "same-origin", or "include". Unless stated otherwise, it is "same-origin".
+    // A request has an associated credentials mode, which is "omit", "same-origin", or "include". Unless stated
+    // otherwise, it is "same-origin".
     CredentialsMode m_credentials_mode { CredentialsMode::SameOrigin };
 
     // https://fetch.spec.whatwg.org/#concept-request-use-url-credentials-flag
     // A request has an associated use-URL-credentials flag. Unless stated otherwise, it is unset.
+    // NOTE: When this flag is set, when a request’s URL has a username and password, and there is an available
+    //       authentication entry for the request, then the URL’s credentials are preferred over that of the
+    //       authentication entry. Modern specifications avoid setting this flag, since putting credentials in URLs is
+    //       discouraged, but some older features set it for compatibility reasons.
     bool m_use_url_credentials { false };
 
     // https://fetch.spec.whatwg.org/#concept-request-cache-mode
-    // A request has an associated cache mode, which is "default", "no-store", "reload", "no-cache", "force-cache", or "only-if-cached". Unless stated otherwise, it is "default".
+    // A request has an associated cache mode, which is "default", "no-store", "reload", "no-cache", "force-cache", or
+    // "only-if-cached". Unless stated otherwise, it is "default".
     CacheMode m_cache_mode { CacheMode::Default };
 
     // https://fetch.spec.whatwg.org/#concept-request-redirect-mode
-    // A request has an associated redirect mode, which is "follow", "error", or "manual". Unless stated otherwise, it is "follow".
+    // A request has an associated redirect mode, which is "follow", "error", or "manual". Unless stated otherwise, it
+    // is "follow".
     RedirectMode m_redirect_mode { RedirectMode::Follow };
 
     // https://fetch.spec.whatwg.org/#concept-request-integrity-metadata
@@ -413,11 +433,13 @@ private:
     String m_integrity_metadata { String::empty() };
 
     // https://fetch.spec.whatwg.org/#concept-request-nonce-metadata
-    // A request has associated cryptographic nonce metadata (a string). Unless stated otherwise, it is the empty string.
+    // A request has associated cryptographic nonce metadata (a string). Unless stated otherwise, it is the empty
+    // string.
     String m_cryptographic_nonce_metadata { String::empty() };
 
     // https://fetch.spec.whatwg.org/#concept-request-parser-metadata
-    // A request has associated parser metadata which is the empty string, "parser-inserted", or "not-parser-inserted". Unless otherwise stated, it is the empty string.
+    // A request has associated parser metadata which is the empty string, "parser-inserted", or
+    // "not-parser-inserted". Unless otherwise stated, it is the empty string.
     Optional<ParserMetadata> m_parser_metadata;
 
     // https://fetch.spec.whatwg.org/#concept-request-reload-navigation-flag
@@ -437,7 +459,8 @@ private:
     bool m_render_blocking { false };
 
     // https://fetch.spec.whatwg.org/#concept-request-url-list
-    // A request has an associated URL list (a list of one or more URLs). Unless stated otherwise, it is a list containing a copy of request’s URL.
+    // A request has an associated URL list (a list of one or more URLs). Unless stated otherwise, it is a list
+    // containing a copy of request’s URL.
     Vector<AK::URL> m_url_list;
 
     // https://fetch.spec.whatwg.org/#concept-request-redirect-count
@@ -446,11 +469,13 @@ private:
     u8 m_redirect_count { 0 };
 
     // https://fetch.spec.whatwg.org/#concept-request-response-tainting
-    // A request has an associated response tainting, which is "basic", "cors", or "opaque". Unless stated otherwise, it is "basic".
+    // A request has an associated response tainting, which is "basic", "cors", or "opaque". Unless stated otherwise,
+    // it is "basic".
     ResponseTainting m_response_tainting { ResponseTainting::Basic };
 
     // https://fetch.spec.whatwg.org/#no-cache-prevent-cache-control
-    // A request has an associated prevent no-cache cache-control header modification flag. Unless stated otherwise, it is unset.
+    // A request has an associated prevent no-cache cache-control header modification flag. Unless stated otherwise, it
+    // is unset.
     bool m_prevent_no_cache_cache_control_header_modification { false };
 
     // https://fetch.spec.whatwg.org/#done-flag