[discovery-api] Re-write CORS-related parts of the spec following subsequent feedback on http://lists.w3.org/Archives/Public/public-device-apis/2013Oct/0049.html
--- a/discovery-api/Overview.html Mon Oct 07 09:41:44 2013 +0300
+++ b/discovery-api/Overview.html Thu Oct 10 12:36:37 2013 +1100
@@ -224,10 +224,10 @@
</h1>
<h2 property="dcterms:issued"
datatype="xsd:dateTime"
- content="2013-10-06T16:06:07.000Z"
- id="w3c-editor-s-draft-07-october-2013">
+ content="2013-10-09T14:32:43.000Z"
+ id="w3c-editor-s-draft-10-october-2013">
<abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published"
- datetime="2013-10-07">07 October 2013</time>
+ datetime="2013-10-10">10 October 2013</time>
</h2>
<dl>
<dt>
@@ -540,8 +540,8 @@
"#dfn-service-discovery-mechanisms"
class="internalDFN">service discovery mechanisms</a> included in this recommendation, attempts to match the
requested service type to a discovered service according to the processing described herein. Only
- Local-networked Services that pass a <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> should be made available to web pages by a user agent. A user
+ Local-networked Services that pass a <a href="#dfn-preliminary-cors-check"
+ class="internalDFN">preliminary CORS check</a> should be made available to web pages by a user agent. A user
agent may provide a way for users to white-list non-CORS enabled Local-networked Services but implementation
of such a feature is left to the discretion of the implementer.
</p>
@@ -854,16 +854,14 @@
<p>
A <a href="#dfn-user-agent"
class="internalDFN">user agent</a> <em class="rfc2119"
- title="MUST">MUST</em> allow web pages to connect only with Local-networked Services that have passed a
- <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> indicating they support Cross-Origin Resource Sharing
+ title="SHOULD">SHOULD</em> only allow web pages to connect with Local-networked Services that have passed
+ a <a href="#dfn-preliminary-cors-check"
+ class="internalDFN">preliminary CORS check</a> indicating they support Cross-Origin Resource Sharing
[<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] during the <a href="#dfn-service-discovery-mechanisms"
- class="internalDFN">service discovery mechanisms</a> provided in this specification. In this way, a
- <a href="#dfn-user-agent"
+ href="#bib-CORS">CORS</a></cite>]. In this way, a <a href="#dfn-user-agent"
class="internalDFN">user agent</a> <em class="rfc2119"
- title="MUST NOT">MUST NOT</em> allow web pages to access other arbitrary networked services on the current
- local network.
+ title="SHOULD NOT">SHOULD NOT</em> allow web pages to access other arbitrary networked services on the
+ current local network.
</p>
<p>
A <a href="#dfn-user-agent"
@@ -1054,14 +1052,26 @@
<ol class="rule">
<li>For each <var>requested control type</var> in <var>requested control types</var>: If <var>available
service</var>'s <code>type</code> attribute equals the <var>requested control type</var> then let <var>
- matched service</var> equal the value of <var>available service</var> and continue at the step
- labeled <var>attach</var> below.
+ matched service</var> equal the value of <var>available service</var>. Otherwise, abort the remaining
+ sub-steps and continue above at the next <var>available service</var>.
</li>
- <li>Continue at the next <var>available service</var>.
- </li>
- <li>
- <em>Attach</em>: If <var>matched service</var> is not empty then run the following steps:
+ <li>If <var>matched service</var> is not empty then run the following steps:
<ol class="rule">
+ <li>Let <var>CORS check result</var> be the result of running the <a href=
+ "#dfn-preliminary-cors-check"
+ class="internalDFN">preliminary CORS check</a> algorithm, passing in <var>matched
+ services</var>'s <code>url</code> attribute as the <var>control endpoint URL</var> argument
+ and the <a href=
+ "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
+ class="externalDFN">entry script</a>'s <a href=
+ "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
+ class="externalDFN">origin</a> as the <var>request origin</var> argument.
+ </li>
+ <li>If <var>CORS check result</var> is not <code>pass</code> and <var>matched service</var>'s
+ <code>type</code> attribute is also not present in the <a href="#dfn-network-services-whitelist"
+ class="internalDFN">network services whitelist</a> then abort the remaining sub-steps and
+ continue above at the next <var>available service</var>.
+ </li>
<li>Let <var>new service object</var> be a new <a href=
"#networkservice"><code>NetworkService</code></a> object, mapping the parameters of <var>matched
service</var> to this new object where possible.
@@ -1191,9 +1201,55 @@
class="externalDFN">user interaction task source</a>.
</p>
<p>
+ The <dfn id="dfn-preliminary-cors-check">preliminary CORS check</dfn> algorithm determines whether a
+ Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
+ href="#bib-CORS">CORS</a></cite>] as part of a call to the <a href=
+ "#dom-navigator-getnetworkservices"><code>getNetworkServices()</code></a> method, prior to that service
+ being proposed for sharing to users and prior to active sharing with web pages. This algorithm takes two
+ arguments, <var>control endpoint URL</var> and <var>request origin</var>, and consists of running the
+ following steps:
+ </p>
+ <ol class="rule">
+ <li>Let <var>CORS available check</var> be the result of applying the <a href=
+ "http://www.w3.org/TR/cors/#make-a-request-steps"
+ class="externalDFN">make a request steps</a> [<cite><a class="bibref"
+ href="#bib-CORS">CORS</a></cite>], setting the <a href="http://www.w3.org/TR/cors/#request-method"
+ class="externalDFN">request method</a> to <code>OPTIONS</code>, the <a href=
+ "http://www.w3.org/TR/cors/#request-url"
+ class="externalDFN">request URL</a> to <var>control endpoint URL</var>, the <a href=
+ "http://www.w3.org/TR/cors/#source-origin"
+ class="externalDFN">source origin</a> to <var>request origin</var>, setting the <a href=
+ "http://www.w3.org/TR/cors/#omit-credentials-flag"
+ class="externalDFN">omit credentials flag</a> to <code>true</code> and including an <a href=
+ "http://www.w3.org/TR/cors/#http-access-control-request-method"
+ class="externalDFN"><code>Access-Control-Request-Method</code></a> header with a value of
+ <code>GET</code>.
+ </li>
+ <li>If <var>CORS available check</var> is cancelled by the user, or it results in a network error, or its
+ response does not have an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> status code of
+ <code>200</code> then abort any remaining steps and return <code>fail</code>.
+ </li>
+ <li>Return the result of running the <a href="http://www.w3.org/TR/cors/#resource-sharing-check"
+ class="externalDFN">resource sharing check</a> [<cite><a class="bibref"
+ href="#bib-CORS">CORS</a></cite>] against the successful <abbr title=
+ "Hypertext Transfer Protocol">HTTP</abbr> response of the <var>CORS available check</var>.
+ <div class="note">
+ <div class="note-title"
+ aria-level="3"
+ role="heading"
+ id="h_note_1">
+ <span>Note</span>
+ </div>
+ <p class="">
+ This returned result will always be either <code>pass</code> or <code>fail</code>.
+ </p>
+ </div>
+ </li>
+ </ol>
+ <p>
There is no implied persistence to networked service sharing provided to a web page. It <em class="rfc2119"
- title="MUST NOT">MUST NOT</em> be possible to access a previously white-listed networked service without
- user authorization in all of the following cases:
+ title="MUST NOT">MUST NOT</em> be possible to access a networked service previously granted to a web
+ page without user authorization in all of the following cases:
</p>
<ul>
<li>If the current script is reloaded at any point in the same or different window.
@@ -1396,7 +1452,7 @@
<div class="note-title"
aria-level="3"
role="heading"
- id="h_note_1">
+ id="h_note_2">
<span>Note</span>
</div>
<p class="">
@@ -1897,49 +1953,6 @@
class="internalDFN">removing an available service</a>, passing in the expired service record's
<code>id</code> attribute as the only argument.
</p>
- <p>
- The <dfn id="dfn-cors-preflight-check">CORS preflight check</dfn> algorithm determines whether a
- Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] prior to that service being proposed for sharing to users and prior to
- active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and
- consists of running the following steps:
- </p>
- <ol class="rule">
- <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
- "http://www.w3.org/TR/cors/#cross-origin-request-status"
- class="externalDFN">cross-origin request status</a> [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] after performing a <a href=
- "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
- class="externalDFN">cross-origin request with preflight</a> [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] towards the <var>control endpoint URL</var> with the <a href=
- "http://www.w3.org/TR/cors/#source-origin"
- class="externalDFN">source origin</a> [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] set to the public IP address of the current machine, terminating this
- algorithm at Step 2 (when <a href="http://www.w3.org/TR/cors/#cross-origin-request-status"
- class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
- prior error has occurred in the algorithm).
- </li>
- <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
- <code>pass</code>. Otherwise, return <code>fail</code>.
- </li>
- </ol>
- <p>
- User agents <em class="rfc2119"
- title="SHOULD">SHOULD</em> re-run the <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> algorithm against service endpoint URLs when their <a href=
- "http://www.w3.org/TR/cors/#cache-max-age"
- class="externalDFN">max-age</a> [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] entry in the <a href="http://www.w3.org/TR/cors/#preflight-result-cache"
- class="externalDFN">preflight result cache</a> [<cite><a class="bibref"
- href="#bib-CORS">CORS</a></cite>] exceeds the current time. If this subsequent execution of the <a href=
- "#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> algorithm returns <code>fail</code> then the <a href=
- "#dfn-user-agent"
- class="internalDFN">user agent</a> <em class="rfc2119"
- title="MUST">MUST</em> run the general rule for <a href="#dfn-removing-an-available-service"
- class="internalDFN">removing an available service</a> passing in the associated <var>network service
- record</var>'s <code>id</code> attribute as the only argument.
- </p>
<section id="zeroconf-mdns-dns-sd">
<h3 aria-level="2"
role="heading"
@@ -1999,16 +2012,9 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
</li>
- <li>If the result of running the <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
- <var>network service record</var>'s <code>url</code> property as the only argument, or the current
- <var>network service record</var>'s <code>type</code> property is present in the <a href=
- "#dfn-network-services-whitelist"
- class="internalDFN">network services whitelist</a> then run the general rule for <a href=
- "#dfn-adding-an-available-service"
+ <li>Run the general rule for <a href="#dfn-adding-an-available-service"
class="internalDFN">adding an available service</a>, passing in the current <var>network service
- record</var> as the only argument. Otherwise, discard the current <var>network service
- record</var>.
+ record</var> as the only argument.
</li>
</ol>
</li>
@@ -2248,16 +2254,9 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
</li>
- <li>If the result of running the <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
- <var>network service record</var>'s <code>url</code> property as the only argument, or the current
- <var>network service record</var>'s <code>type</code> property is present in the <a href=
- "#dfn-network-services-whitelist"
- class="internalDFN">network services whitelist</a> then run the general rule for <a href=
- "#dfn-adding-an-available-service"
+ <li>Run the general rule for <a href="#dfn-adding-an-available-service"
class="internalDFN">adding an available service</a>, passing in the current <var>network service
- record</var> as the only argument. Otherwise, discard the current <var>network service
- record</var>.
+ record</var> as the only argument.
</li>
</ol>
</li>
@@ -2552,16 +2551,9 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
</li>
- <li>If the result of running the <a href="#dfn-cors-preflight-check"
- class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
- <var>network service record</var>'s <code>url</code> property as the only argument, or the current
- <var>network service record</var>'s <code>type</code> property is present in the <a href=
- "#dfn-network-services-whitelist"
- class="internalDFN">network services whitelist</a> then run the general rule for <a href=
- "#dfn-adding-an-available-service"
+ <li>Run the general rule for <a href="#dfn-adding-an-available-service"
class="internalDFN">adding an available service</a>, passing in the current <var>network service
- record</var> as the only argument. Otherwise, discard the current <var>network service
- record</var>.
+ record</var> as the only argument.
</li>
</ol>
</li>
@@ -2710,7 +2702,7 @@
<div class="note-title"
aria-level="2"
role="heading"
- id="h_note_2">
+ id="h_note_3">
<span>Note</span>
</div>
<p class="">
@@ -3276,10 +3268,7 @@
"World Wide Web Consortium">W3C</abbr> Device APIs Working Group, <abbr title=
"World Wide Web Consortium">W3C</abbr> Web and TV Interest Group.
</p>
- </section><style>
-a.externalDFN { color: #00C; border-bottom: 1px dashed #00C; }
- a.internalDFN { color: #00C; text-decoration: solid; }
- </style>
+ </section>
<section id="references"
class="appendix"
typeof="bibo:Chapter"
@@ -3387,6 +3376,9 @@
</dd>
</dl>
</section>
- </section>
+ </section><style>
+a.externalDFN { color: #00C; border-bottom: 1px dashed #00C; }
+ a.internalDFN { color: #00C; text-decoration: solid; }
+ </style>
</body>
</html>
--- a/discovery-api/Overview.src.html Mon Oct 07 09:41:44 2013 +0300
+++ b/discovery-api/Overview.src.html Thu Oct 10 12:36:37 2013 +1100
@@ -143,10 +143,10 @@
<p>
The user agent, having captured all advertised services on the network from the <a>service discovery
mechanisms</a> included in this recommendation, attempts to match the requested service type to a discovered
- service according to the processing described herein. Only Local-networked Services that pass a <a>CORS
- preflight check</a> should be made available to web pages by a user agent. A user agent may provide a way for
- users to white-list non-CORS enabled Local-networked Services but implementation of such a feature is left to
- the discretion of the implementer.
+ service according to the processing described herein. Only Local-networked Services that pass a <a>preliminary
+ CORS check</a> should be made available to web pages by a user agent. A user agent may provide a way for users
+ to white-list non-CORS enabled Local-networked Services but implementation of such a feature is left to the
+ discretion of the implementer.
</p>
<p>
If a service connectivity request is successful then the Web page is provided with a promise-based success
@@ -356,10 +356,10 @@
Security considerations for API implementations
</h3>
<p>
- A <a>user agent</a> MUST allow web pages to connect only with Local-networked Services that have passed a
- <a>CORS preflight check</a> indicating they support Cross-Origin Resource Sharing [[!CORS]] during the
- <a>service discovery mechanisms</a> provided in this specification. In this way, a <a>user agent</a> MUST NOT
- allow web pages to access other arbitrary networked services on the current local network.
+ A <a>user agent</a> SHOULD only allow web pages to connect with Local-networked Services that have passed a
+ <a>preliminary CORS check</a> indicating they support Cross-Origin Resource Sharing [[!CORS]]. In this way, a
+ <a>user agent</a> SHOULD NOT allow web pages to access other arbitrary networked services on the current
+ local network.
</p>
<p>
A <a>user agent</a> MAY provide a way for users to enable access to non-CORS enabled Local-networked Services
@@ -515,14 +515,23 @@
<ol class="rule">
<li>For each <var>requested control type</var> in <var>requested control types</var>: If <var>available
service</var>'s <code>type</code> attribute equals the <var>requested control type</var> then let <var>
- matched service</var> equal the value of <var>available service</var> and continue at the step
- labeled <var>attach</var> below.
+ matched service</var> equal the value of <var>available service</var>. Otherwise, abort the remaining
+ sub-steps and continue above at the next <var>available service</var>.
</li>
- <li>Continue at the next <var>available service</var>.
- </li>
- <li>
- <em>Attach</em>: If <var>matched service</var> is not empty then run the following steps:
+ <li>If <var>matched service</var> is not empty then run the following steps:
<ol class="rule">
+ <li>Let <var>CORS check result</var> be the result of running the <a>preliminary CORS check</a>
+ algorithm, passing in <var>matched services</var>'s <code>url</code> attribute as the <var>control
+ endpoint URL</var> argument and the <a href=
+ "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
+ class="externalDFN">entry script</a>'s <a href=
+ "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
+ class="externalDFN">origin</a> as the <var>request origin</var> argument.
+ </li>
+ <li>If <var>CORS check result</var> is not <code>pass</code> and <var>matched service</var>'s
+ <code>type</code> attribute is also not present in the <a>network services whitelist</a> then abort
+ the remaining sub-steps and continue above at the next <var>available service</var>.
+ </li>
<li>Let <var>new service object</var> be a new <a href=
"#networkservice"><code>NetworkService</code></a> object, mapping the parameters of <var>matched
service</var> to this new object where possible.
@@ -631,9 +640,45 @@
class="externalDFN">user interaction task source</a>.
</p>
<p>
+ The <dfn>preliminary CORS check</dfn> algorithm determines whether a Local-networked Service supports
+ Cross-Origin Resource Sharing [[!CORS]] as part of a call to the <a href=
+ "#dom-navigator-getnetworkservices"><code>getNetworkServices()</code></a> method, prior to that service
+ being proposed for sharing to users and prior to active sharing with web pages. This algorithm takes two
+ arguments, <var>control endpoint URL</var> and <var>request origin</var>, and consists of running the
+ following steps:
+ </p>
+ <ol class="rule">
+ <li>Let <var>CORS available check</var> be the result of applying the <a href=
+ "http://www.w3.org/TR/cors/#make-a-request-steps"
+ class="externalDFN">make a request steps</a> [[!CORS]], setting the <a href=
+ "http://www.w3.org/TR/cors/#request-method"
+ class="externalDFN">request method</a> to <code>OPTIONS</code>, the <a href=
+ "http://www.w3.org/TR/cors/#request-url"
+ class="externalDFN">request URL</a> to <var>control endpoint URL</var>, the <a href=
+ "http://www.w3.org/TR/cors/#source-origin"
+ class="externalDFN">source origin</a> to <var>request origin</var>, setting the <a href=
+ "http://www.w3.org/TR/cors/#omit-credentials-flag"
+ class="externalDFN">omit credentials flag</a> to <code>true</code> and including an <a href=
+ "http://www.w3.org/TR/cors/#http-access-control-request-method"
+ class="externalDFN"><code>Access-Control-Request-Method</code></a> header with a value of
+ <code>GET</code>.
+ </li>
+ <li>If <var>CORS available check</var> is cancelled by the user, or it results in a network error, or its
+ response does not have an HTTP status code of <code>200</code> then abort any remaining steps and return
+ <code>fail</code>.
+ </li>
+ <li>Return the result of running the <a href="http://www.w3.org/TR/cors/#resource-sharing-check"
+ class="externalDFN">resource sharing check</a> [[!CORS]] against the successful HTTP response of the
+ <var>CORS available check</var>.
+ <p class="note">
+ This returned result will always be either <code>pass</code> or <code>fail</code>.
+ </p>
+ </li>
+ </ol>
+ <p>
There is no implied persistence to networked service sharing provided to a web page. It MUST NOT be
- possible to access a previously white-listed networked service without user authorization in all of the
- following cases:
+ possible to access a networked service previously granted to a web page without user authorization in all
+ of the following cases:
</p>
<ul>
<li>If the current script is reloaded at any point in the same or different window.
@@ -1248,39 +1293,6 @@
<a>user agent</a> SHOULD run the rule for <a>removing an available service</a>, passing in the expired service
record's <code>id</code> attribute as the only argument.
</p>
- <p>
- The <dfn>CORS preflight check</dfn> algorithm determines whether a Local-networked Service supports
- Cross-Origin Resource Sharing [[!CORS]] prior to that service being proposed for sharing to users and prior to
- active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and consists
- of running the following steps:
- </p>
- <ol class="rule">
- <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
- "http://www.w3.org/TR/cors/#cross-origin-request-status"
- class="externalDFN">cross-origin request status</a> [[!CORS]] after performing a <a href=
- "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
- class="externalDFN">cross-origin request with preflight</a> [[!CORS]] towards the <var>control endpoint
- URL</var> with the <a href="http://www.w3.org/TR/cors/#source-origin"
- class="externalDFN">source origin</a> [[!CORS]] set to the public IP address of the current machine,
- terminating this algorithm at Step 2 (when <a href=
- "http://www.w3.org/TR/cors/#cross-origin-request-status"
- class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
- prior error has occurred in the algorithm).
- </li>
- <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
- <code>pass</code>. Otherwise, return <code>fail</code>.
- </li>
- </ol>
- <p>
- User agents SHOULD re-run the <a>CORS preflight check</a> algorithm against service endpoint URLs when their
- <a href="http://www.w3.org/TR/cors/#cache-max-age"
- class="externalDFN">max-age</a> [[!CORS]] entry in the <a href=
- "http://www.w3.org/TR/cors/#preflight-result-cache"
- class="externalDFN">preflight result cache</a> [[!CORS]] exceeds the current time. If this subsequent
- execution of the <a>CORS preflight check</a> algorithm returns <code>fail</code> then the <a>user agent</a>
- MUST run the general rule for <a>removing an available service</a> passing in the associated <var>network
- service record</var>'s <code>id</code> attribute as the only argument.
- </p>
<section>
<h4>
Zeroconf (<abbr title="Multicast DNS">mDNS</abbr> + <abbr title="Domain Name System">DNS</abbr>-<abbr title=
@@ -1323,12 +1335,8 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
</li>
- <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
- the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
- current <var>network service record</var>'s <code>type</code> property is present in the <a>network
- services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
- current <var>network service record</var> as the only argument. Otherwise, discard the current
- <var>network service record</var>.
+ <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
+ service record</var> as the only argument.
</li>
</ol>
</li>
@@ -1493,12 +1501,8 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
</li>
- <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
- the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
- current <var>network service record</var>'s <code>type</code> property is present in the <a>network
- services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
- current <var>network service record</var> as the only argument. Otherwise, discard the current
- <var>network service record</var>.
+ <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
+ service record</var> as the only argument.
</li>
</ol>
</li>
@@ -1720,12 +1724,8 @@
<li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
</li>
- <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
- the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
- current <var>network service record</var>'s <code>type</code> property is present in the <a>network
- services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
- current <var>network service record</var> as the only argument. Otherwise, discard the current
- <var>network service record</var>.
+ <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
+ service record</var> as the only argument.
</li>
</ol>
</li>