Edition for Web Developers — Last Updated 17 December 2024
multipart/x-mixed-replace
documentsX-Frame-Options
`ヘッダーRefresh
`ヘッダーWhen loading a document using one of the below algorithms, we use the following steps to create and initialize a Document
object, given a type type, content type contentType, and navigation params navigationParams:
Document
objects are also created when creating a new browsing context and document; such initial about:blank
Document
are never created by this algorithm. Also, browsing context-less Document
objects can be created via various APIs, such as document.implementation.createHTMLDocument()
.
Let browsingContext be the result of obtaining a browsing context to use for a navigation response given navigationParams.
This can result in a browsing context group switch, in which case browsingContext will be a newly-created browsing context instead of being navigationParams's navigable's active browsing context. In such a case, the created Window
, Document
, and agent will not end up being used; because the created Document
's origin is opaque, we will end up creating a new agent and Window
later in this algorithm to go along with the new Document
.
Let permissionsPolicy be the result of creating a permissions policy from a response given navigationParams's navigable's container, navigationParams's origin, and navigationParams's response. [PERMISSIONSPOLICY]
The creating a permissions policy from a response algorithm makes use of the passed origin. If document.domain
has been used for navigationParams's navigable's container document, then its origin cannot be same origin-domain with the passed origin, because these steps run before the document is created, so it cannot itself yet have used document.domain
. Note that this means that Permissions Policy checks are less permissive compared to doing a same origin check instead.
See below for some examples of this in action.
If navigationParams's request is non-null, then set creationURL to navigationParams's request's current URL.
Let window be null.
If browsingContext's active document's is initial about:blank
is true, and browsingContext's active document's origin is same origin-domain with navigationParams's origin, then set window to browsingContext's active window.
This means that both the initial about:blank
Document
, and the new Document
that is about to be created, will share the same Window
object.
Otherwise:
Let oacHeader be the result of getting a structured field value given `Origin-Agent-Cluster
` and "item
" from navigationParams's response's header list.
Let requestsOAC be true if oacHeader is not null and oacHeader[0] is the boolean true; otherwise false.
If navigationParams's reserved environment is a non-secure context, then set requestsOAC to false.
Let agent be the result of obtaining a similar-origin window agent given navigationParams's origin, browsingContext's group, and requestsOAC.
Let realmExecutionContext be the result of creating a new realm given agent and the following customizations:
For the global object, create a new Window
object.
For the global this binding, use browsingContext's WindowProxy
object.
Set window to the global object of realmExecutionContext's Realm component.
Let topLevelCreationURL be creationURL.
Let topLevelOrigin be navigationParams's origin.
If navigable's container is not null, then:
Let parentEnvironment be navigable's container's relevant settings object.
Set topLevelCreationURL to parentEnvironment's top-level creation URL.
Set topLevelOrigin to parentEnvironment's top-level origin.
Set up a window environment settings object with creationURL, realmExecutionContext, navigationParams's reserved environment, topLevelCreationURL, and topLevelOrigin.
This is the usual case, where the new Document
we're about to create gets a new Window
to go along with it.
Let loadTimingInfo be a new document load timing info with its navigation start time set to navigationParams's response's timing info's start time.
Let document be a new Document
, with
loading
"windowの関連Document
をdocumentに設定する。
Run CSP initialization for a Document
given document. [CSP]
If navigationParams's request is non-null, then:
Set document's referrer to the empty string.
If referrer is a URL record, then set document's referrer to the serialization of referrer.
Per Fetch, referrer will be either a URL record or "no-referrer
" at this point.
If navigationParams's fetch controller is not null, then:
Let fullTimingInfo be the result of extracting the full timing info from navigationParams's fetch controller.
Let redirectCount be 0 if navigationParams's response's has cross-origin redirects is true; otherwise navigationParams's request's redirect count.
Create the navigation timing entry for document, given fullTimingInfo, redirectCount, navigationTimingType, navigationParams's response's service worker timing info, and navigationParams's response's body info.
Create the navigation timing entry for document, with navigationParams's response's timing info, redirectCount, navigationParams's navigation timing type, and navigationParams's response's service worker timing info.
If navigationParams's response has a `Refresh
` header, then:
Let value be the isomorphic decoding of the value of the header.
Run the shared declarative refresh steps with document and value.
We do not currently have a spec for how to handle multiple `Refresh
` headers. This is tracked as issue #2900.
If navigationParams's commit early hints is not null, then call navigationParams's commit early hints with document.
Process link headers given document, navigationParams's response, and "pre-media
".
documentを返す。
In this example, the child document is not allowed to use PaymentRequest
, despite being same origin-domain at the time the child document tries to use it. At the time the child document is initialized, only the parent document has set document.domain
, and the child document has not.
<!-- https://foo.example.com/a.html -->
<!doctype html>
< script >
document. domain = 'example.com' ;
</ script >
< iframe src = b.html ></ iframe >
<!-- https://bar.example.com/b.html -->
<!doctype html>
< script >
document. domain = 'example.com' ; // This happens after the document is initialized
new PaymentRequest( …); // Not allowed to use
</ script >
In this example, the child document is allowed to use PaymentRequest
, despite not being same origin-domain at the time the child document tries to use it. At the time the child document is initialized, none of the documents have set document.domain
yet so same origin-domain falls back to a normal same origin check.
<!-- https://example.com/a.html -->
<!doctype html>
< iframe src = b.html ></ iframe >
<!-- The child document is now initialized, before the script below is run. -->
< script >
document. domain = 'example.com' ;
</ script >
<!-- https://example.com/b.html -->
<!doctype html>
< script >
new PaymentRequest( …); // Allowed to use
</ script >
To populate with html
/head
/body
given a Document
document:
Let html be the result of creating an element given document, "html
", and the HTML namespace.
Let head be the result of creating an element given document, "head
", and the HTML namespace.
Let body be the result of creating an element given document, "body
", and the HTML namespace.
Append html to document.
Append head to html.
Append body to html.
To load an HTML document, given navigation params navigationParams:
Let document be the result of creating and initializing a Document
object given "html
", "text/html
", and navigationParams.
If document's URL is about:blank
, then populate with html
/head
/body
given document.
This special case, where even non-initial about:blank
Document
s are synchronously given their element nodes, is necessary for compatible with deployed content. In other words, it is not compatible to instead go down the "otherwise" branch and feed the empty byte sequence into an HTML parser to asynchronously populate document.
Otherwise, create an HTML parser and associate it with the document. Each task that the networking task source places on the task queue while fetching runs must then fill the parser's input byte stream with the fetched bytes and cause the HTML parser to perform the appropriate processing of the input stream.
The first task that the networking task source places on the task queue while fetching runs must process link headers given document, navigationParams's response, and "media
", after the task has been processed by the HTML parser.
Before any script execution occurs, the user agent must wait for scripts may run for the newly-created document to be true for document.
The input byte stream converts bytes into characters for use in the tokenizer. This process relies, in part, on character encoding information found in the real Content-Type metadata of the resource; the computed type is not used for this purpose.
When no more bytes are available, the user agent must queue a global task on the networking task source given document's relevant global object to have the parser process the implied EOF character, which eventually causes a load
event to be fired.
documentを返す。
When faced with displaying an XML file inline, provided navigation params navigationParams and a string type, user agents must follow the requirements defined in XML and Namespaces in XML, XML Media Types, DOM, and other relevant specifications to create and initialize a Document
object document, given "xml
", type, and navigationParams, and return that Document
. They must also create a corresponding XML parser. [XML] [XMLNS] [RFC7303] [DOM]
At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.
The first task that the networking task source places on the task queue while fetching runs must process link headers given document, navigationParams's response, and "media
", after the task has been processed by the XML parser.
The actual HTTP headers and other metadata, not the headers as mutated or implied by the algorithms given in this specification, are the ones that must be used when determining the character encoding according to the rules given in the above specifications. Once the character encoding is established, the document's character encoding must be set to that character encoding.
Before any script execution occurs, the user agent must wait for scripts may run for the newly-created document to be true for the newly-created Document
.
Once parsing is complete, the user agent must set document's during-loading navigation ID for WebDriver BiDi to null.
For HTML documents this is reset when parsing is complete, after firing the load event.
Error messages from the parse process (e.g., XML namespace well-formedness errors) may be reported inline by mutating the Document
.
To load a text document, given a navigation params navigationParams and a string type:
Let document be the result of creating and initializing a Document
object given "html
", type, and navigationParams.
Set document's parser cannot change the mode flag to true.
Set document's mode to "no-quirks
".
Create an HTML parser and associate it with the document. Act as if the tokenizer had emitted a start tag token with the tag name "pre" followed by a single U+000A LINE FEED (LF) character, and switch the HTML parser's tokenizer to the PLAINTEXT state. Each task that the networking task source places on the task queue while fetching runs must then fill the parser's input byte stream with the fetched bytes and cause the HTML parser to perform the appropriate processing of the input stream.
document's encoding must be set to the character encoding used to decode the document during parsing.
The first task that the networking task source places on the task queue while fetching runs must process link headers given document, navigationParams's response, and "media
", after the task has been processed by the HTML parser.
Before any script execution occurs, the user agent must wait for scripts may run for the newly-created document to be true for document.
When no more bytes are available, the user agent must queue a global task on the networking task source given document's relevant global object to have the parser process the implied EOF character, which eventually causes a load
event to be fired.
User agents may add content to the head
element of document, e.g., linking to a style sheet, providing script, or giving the document a title
.
In particular, if the user agent supports the Format=Flowed
feature of RFC 3676 then the user agent would need to apply extra styling to cause the text to wrap correctly and to handle the quoting feature. This could be performed using, e.g., a CSS extension.
documentを返す。
The rules for how to convert the bytes of the plain text document into actual characters, and the rules for actually rendering the text to the user, are defined by the specifications for the computed MIME type of the resource (i.e., type).
multipart/x-mixed-replace
documentsTo load a multipart/x-mixed-replace
document, given navigation params navigationParams, source snapshot params sourceSnapshotParams, and origin initiatorOrigin:
Parse navigationParams's response's body using the rules for multipart types. [RFC2046]
Let firstPartNavigationParams be a copy of navigationParams.
Set firstPartNavigationParams's response to a new response representing the first part of navigationParams's response's body's multipart stream.
Let document be the result of loading a document given firstPartNavigationParams, sourceSnapshotParams, and initiatorOrigin.
For each additional body part obtained from navigationParams's response, the user agent must navigate document's node navigable to navigationParams's request's URL, using document, with response set to navigationParams's response and historyHandling set to "replace
".
documentを返す。
For the purposes of algorithms processing these body parts as if they were complete stand-alone resources, the user agent must act as if there were no more bytes for those resources whenever the boundary following the body part is reached.
Thus, load
events (and for that matter unload
events) do fire for each body part loaded.
To load a media document, given navigationParams and a string type:
Let document be the result of creating and initializing a Document
object given "html
", type, and navigationParams.
Set document's mode to "no-quirks
".
Populate with html
/head
/body
given document.
Append an element host element for the media, as described below, to the body
element.
Set the appropriate attribute of the element host element, as described below, to the address of the image, video, or audio resource.
User agents may add content to the head
element of document, or attributes to host element, e.g., to link to a style sheet, to provide a script, to give the document a title
, or to make the media autoplay.
Process link headers given document, navigationParams's response, and "media
".
Act as if the user agent had stopped parsing document.
documentを返す。
The element host element to create for the media is the element given in the table below in the second cell of the row whose first cell describes the media. The appropriate attribute to set is the one given by the third cell in that same row.
Type of media | Element for the media | Appropriate attribute |
---|---|---|
画像 | img | src |
Video | video | src |
Audio | audio | src |
Before any script execution occurs, the user agent must wait for scripts may run for the newly-created document to be true for the Document
.
When the user agent is to create a document to display a user agent page or PDF viewer inline, provided a navigable navigable, a navigation ID navigationId, a NavigationTimingType
navTimingType, and a user navigation involvement userInvolvement, the user agent should:
Let origin be a new opaque origin.
Let coop be a new opener policy.
Let coopEnforcementResult be a new opener policy enforcement result with
Let navigationParams be a new navigation params with
Let document be the result of creating and initializing a Document
object given "html
", "text/html
", and navigationParams.
Either associate document with a custom rendering that is not rendered using the normal Document
rendering rules, or mutate document until it represents the content the user agent wants to render.
documentを返す。
Because we ensure the resulting Document
's origin is opaque, and the resulting Document
cannot run script with access to the DOM, the existence and properties of this Document
are not observable to web developer code. This means that most of the above values, e.g., the text/html
type, do not matter. Similarly, most of the items in navigationParams don't have any observable effect, besides preventing the Document
-creation algorithm from getting confused, and so are set to default values.
Once the page has been set up, the user agent must act as if it had stopped parsing.
A Document
has a completely loaded time (a time or null), which is initially null.
A Document
is considered completely loaded if its completely loaded time is non-null.
To completely finish loading a Document
document:
Assert: document's browsing context is non-null.
Set document's completely loaded time to the current time.
Let container be document's node navigable's container.
This will be null in the case where document is the initial about:blank
Document
in a frame
or iframe
, since at the point of browsing context creation which calls this algorithm, the container relationship has not yet been established. (That happens in a subsequent step of create a new child navigable.)
The consequence of this is that the following steps do nothing, i.e., we do not fire an asynchronous load
event on the container element for such cases. Instead, a synchronous load
event is fired in a special initial-insertion case when processing the iframe
attributes.
If container is an iframe
element, then queue an element task on the DOM manipulation task source given container to run the iframe load event steps given container.
Otherwise, if container is non-null, then queue an element task on the DOM manipulation task source given container to fire an event named load
at container.
A Document
has a salvageable state, which must initially be true, and a page showing flag, which must initially be false. The page showing flag is used to ensure that scripts receive pageshow
and pagehide
events in a consistent manner (e.g. that they never receive two pagehide
events in a row without an intervening pageshow
, or vice versa).
A Document
has a DOMHighResTimeStamp
suspension time, initially 0.
A Document
has a list of suspended timer handles, initially empty.
Event loops have a termination nesting level counter, which must initially be 0.
Document
objects have an unload counter, which is used to ignore certain operations while the below algorithms run. Initially, the counter must be set to zero.
To unload a Document
oldDocument, given an optional Document
newDocument:
Assert: this is running as part of a task queued on oldDocument's relevant agent's event loop.
Let unloadTimingInfo be a new document unload timing info.
If newDocument is not given, then set unloadTimingInfo to null.
In this case there is no new document that needs to know about how long it took oldDocument to unload.
Otherwise, if newDocument's event loop is not oldDocument's event loop, then the user agent may be unloading oldDocument in parallel. In that case, the user agent should set unloadTimingInfo to null.
In this case newDocument's loading is not impacted by how long it takes to unload oldDocument, so it would be meaningless to communicate that timing info.
Let intendToKeepInBfcache be true if the user agent intends to keep oldDocument alive in a session history entry, such that it can later be used for history traversal.
This must be false if oldDocument is not salvageable, or if there are any descendants of oldDocument which the user agent does not intend to keep alive in the same way (including due to their lack of salvageability).
Let eventLoop be oldDocument's relevant agent's event loop.
Increase eventLoop's termination nesting level by 1.
Increase oldDocument's unload counter by 1.
If intendToKeepInBfcache is false, then set oldDocument's salvageable state to false.
If oldDocument's page showing is true:
Set oldDocument's page showing to false.
Fire a page transition event named pagehide
at oldDocument's relevant global object with oldDocument's salvageable state.
Update the visibility state of oldDocument to "hidden
".
If unloadTimingInfo is not null, then set unloadTimingInfo's unload event start time to the current high resolution time given newDocument's relevant global object, coarsened given oldDocument's relevant settings object's cross-origin isolated capability.
If oldDocument's salvageable state is false, then fire an event named unload
at oldDocument's relevant global object, with legacy target override flag set.
If unloadTimingInfo is not null, then set unloadTimingInfo's unload event end time to the current high resolution time given newDocument's relevant global object, coarsened given oldDocument's relevant settings object's cross-origin isolated capability.
Decrease eventLoop's termination nesting level by 1.
Set oldDocument's suspension time to the current high resolution time given document's relevant global object.
Set oldDocument's suspended timer handles to the result of getting the keys for the map of active timers.
Set oldDocument's has been scrolled by the user to false.
Run any unloading document cleanup steps for oldDocument that are defined by this specification and other applicable specifications.
If oldDocument's node navigable is a top-level traversable, build not restored reasons for a top-level traversable and its descendants given oldDocument's node navigable.
If oldDocument's salvageable state is false, then destroy oldDocument.
Decrease oldDocument's unload counter by 1.
If newDocument is given, newDocument's was created via cross-origin redirects is false, and newDocument's origin is the same as oldDocument's origin, then set newDocument's previous document unload timing to unloadTimingInfo.
To unload a document and its descendants, given a Document
document, an optional Document
-or-null newDocument (default null), an optional set of steps afterAllUnloads, and an optional set of steps firePageSwapSteps:
Assert: this is running within document's node navigable's traversable navigable's session history traversal queue.
Let childNavigables be document's child navigables.
Let numberUnloaded be 0.
For each childNavigable of childNavigable's in what order?, queue a global task on the navigation and traversal task source given childNavigable's active window to perform the following steps:
Let incrementUnloaded be an algorithm step which increments numberUnloaded.
Unload a document and its descendants given childNavigable's active document, null, and incrementUnloaded.
Wait until numberUnloaded equals childNavigable's size.
Queue a global task on the navigation and traversal task source given document's relevant global object to perform the following steps:
If firePageSwapSteps is given, then run firePageSwapSteps.
Unload document, passing along newDocument if it is not null.
If afterAllUnloads was given, then run it.
This specification defines the following unloading document cleanup steps. Other specifications can define more. Given a Document
document:
windowをdocumentの関連するグローバルオブジェクトにする。
For each WebSocket
object webSocket whose relevant global object is window, make disappear webSocket.
If this affected any WebSocket
objects, then make document unsalvageable given document and "websocket
".
For each WebTransport
object transport whose relevant global object is window, run the context cleanup steps given transport.
If document's salvageable state is false, then:
For each EventSource
object eventSource whose relevant global object is equal to window, forcibly close eventSource.
Clear window's map of active timers.
It would be better if specification authors sent a pull request to add calls from here into their specifications directly, instead of using the unloading document cleanup steps hook, to ensure well-defined cross-specification call order. As of the time of this writing the following specifications are known to have unloading document cleanup steps, which will be run in an unspecified order: Fullscreen API, Web NFC, WebDriver BiDi, Compute Pressure, File API, Media Capture and Streams, Picture-in-Picture, Screen Orientation, Service Workers, WebLocks API, WebAudio API, WebRTC. [FULLSCREEN] [WEBNFC] [WEBDRIVERBIDI] [COMPUTEPRESSURE] [FILEAPI] [MEDIASTREAM] [PICTUREINPICTURE] [SCREENORIENTATION] [SW] [WEBLOCKS] [WEBAUDIO] [WEBRTC]
Issue #8906 tracks the work to make the order of these steps clear.
To destroy a Document
document:
Assert: this is running as part of a task queued on document's relevant agent's event loop.
Abort document.
Set document's salvageable state to false.
Let ports be the list of MessagePort
s whose relevant global object's associated Document
is document.
For each port in ports, disentangle port.
Run any unloading document cleanup steps for document that are defined by this specification and other applicable specifications.
Remove any tasks whose document is document from any task queue (without running those tasks).
Set document's browsing context to null.
Set document's node navigable's active session history entry's document state's document to null.
Remove document from the owner set of each WorkerGlobalScope
object whose set contains document.
For each workletGlobalScope in document's worklet global scopes, terminate workletGlobalScope.
Even after destruction, the Document
object itself might still be accessible to script, in the case where we are destroying a child navigable.
To destroy a document and its descendants given a Document
document and an optional set of steps afterAllDestruction, perform the following steps in parallel:
If document is not fully active, then:
Let reason be a string from user-agent specific blocking reasons. If none apply, then let reason be "masked
".
Make document unsalvageable given document and reason.
If document's node navigable is a top-level traversable, build not restored reasons for a top-level traversable and its descendants given document's node navigable.
Let childNavigables be document's child navigables.
Let numberDestroyed be 0.
For each childNavigable of childNavigable's in what order?, queue a global task on the navigation and traversal task source given childNavigable's active window to perform the following steps:
Let incrementDestroyed be an algorithm step which increments numberDestroyed.
Destroy a document and its descendants given childNavigable's active document and incrementDestroyed.
Wait until numberDestroyed equals childNavigable's size.
Queue a global task on the navigation and traversal task source given document's relevant global object to perform the following steps:
Destroy document.
If afterAllDestruction was given, then run it.
To abort a Document
document:
Assert: this is running as part of a task queued on document's relevant agent's event loop.
Cancel any instances of the fetch algorithm in the context of document, discarding any tasks queued for them, and discarding any further data received from the network for them. If this resulted in any instances of the fetch algorithm being canceled or any queued tasks or any network data getting discarded, then make document unsalvageable given document and "fetch
".
If document's during-loading navigation ID for WebDriver BiDi is non-null, then:
Invoke WebDriver BiDi navigation aborted with document's browsing context, and a new WebDriver BiDi navigation status whose id is document's during-loading navigation ID for WebDriver BiDi, status is "canceled
", and url is document's URL.
Set document's during-loading navigation ID for WebDriver BiDi to null.
If document has an active parser, then:
Set document's active parser was aborted to true.
Abort that parser.
Set document's salvageable to false.
Make document unsalvageable given document and "parser-aborted
".
To abort a document and its descendants given a Document
document:
Assert: this is running as part of a task queued on document's relevant agent's event loop.
Let descendantNavigables be document's descendant navigables.
For each descendantNavigable of descendantNavigables in what order?, queue a global task on the navigation and traversal task source given descendantNavigable's active window to perform the following steps:
Abort descendantNavigable's active document.
If descendantNavigable's active document's salvageable is false, then set document's salvageable to false.
Abort document.
To stop loading a navigable navigable:
Let document be navigable's active document.
If document's unload counter is 0, and navigable's ongoing navigation is a navigation ID, then set the ongoing navigation for navigable to null.
This will have the effect of aborting any ongoing navigations of navigable, since at certain points during navigation, changes to the ongoing navigation will cause further work to be abandoned.
Abort a document and its descendants given document.
Through their user interface, user agents also allow stopping traversals, i.e. cases where the ongoing navigation is "traversal
". The above algorithm does not account for this. (On the other hand, user agents do not allow window.stop()
to stop traversals, so the above algorithm is correct for that caller.) See issue #6905.
X-Frame-Options
`ヘッダーSupport in all current engines.
`X-Frame-Options
` HTTPレスポンスヘッダーは、Document
を子ナビゲート可能内にロードしてもよいかどうか、どのようにロードできるかを制御するレガシーな方法である。それは同じ状況をより細かく制御できるframe-ancestors
CSPディレクティブによって廃止された。 もともとはHTTPヘッダーフィールドX-Frame-Optionsで定義されていたが、ここでの定義はその文書に取って代わる。[CSP] [RFC7034]
特に、HTTPヘッダーフィールドX-Frame-Optionsはヘッダーの`ALLOW-FROM
`バリアントを指定したが、これは実装されない。
CSP frame-ancestors
ディレクティブと`X-Frame-Options
`ヘッダーの両方が同じレスポンスで使用される場合、`X-Frame-Options
`は無視される。
ウェブ開発者および適合性チェッカーにとって、その値のABNFは次のとおりである:
X-Frame-Options = "DENY" / "SAMEORIGIN"
次の表は、不適合の値を含む、ヘッダーのさまざまな値の処理を示す:
`X-Frame-Options ` | 妥当 | 結果 |
---|---|---|
`DENY ` | ✅ | 埋め込みを禁止 |
`SAMEORIGIN ` | ✅ | 同一生成元の埋め込みを許可 |
`INVALID ` | ❌ | 埋め込みを許可 |
`ALLOWALL ` | ❌ | 埋め込みを許可 |
`ALLOW-FROM=https://example.com/ ` | ❌ | 埋め込みを許可(どこからでも) |
次の表は、複数の値が関係するさまざまな不適合のケースがどのように処理されるかを示す:
`X-Frame-Options ` | 結果 |
---|---|
`SAMEORIGIN, SAMEORIGIN ` | 同一生成元の埋め込みを許可 |
`SAMEORIGIN, DENY ` | 埋め込みを禁止 |
`SAMEORIGIN, ` | 埋め込みを禁止 |
`SAMEORIGIN, ALLOWALL ` | 埋め込みを禁止 |
`SAMEORIGIN, INVALID ` | 埋め込みを禁止 |
`ALLOWALL, INVALID ` | 埋め込みを禁止 |
`ALLOWALL, ` | 埋め込みを禁止 |
`INVALID, INVALID ` | 埋め込みを許可 |
値がカンマ区切りの単一ヘッダーで配信されるか、複数のヘッダーで配信されるかにかかわらず、同じ結果が得られる。
Refresh
`ヘッダー`Refresh
`レスポンスヘッダーは、Refresh状態のhttp-equiv
属性を持つmeta
要素と同等のHTTPである。それは同じ値を取り、ほぼ同じように機能する。
Browser user agents should provide the ability to navigate, reload, and stop loading any top-level traversable in their top-level traversable set.
For example, via a location bar and reload/stop button UI.
Browser user agents should provide the ability to traverse by a delta any top-level traversable in their top-level traversable set.
For example, via back and forward buttons, possibly including long-press abilities to change the delta.
It is suggested that such user agents allow traversal by deltas greater than one, to avoid letting a page "trap" the user by stuffing the session history with spurious entries. (For example, via repeated calls to history.pushState()
or fragment navigations.)
Some user agents have heuristics for translating a single "back" or "forward" button press into a larger delta, specifically to overcome such abuses. We are contemplating specifying these heuristics in issue #7832.
Browser user agents should offer users the ability to create a fresh top-level traversable, given a user-provided or user agent-determined initial URL.
For example, via a "new tab" or "new window" button.
Browser user agents should offer users the ability to arbitrarily close any top-level traversable in their top-level traversable set.
For example, by clicking a "close tab" button.
Browser user agents may provide ways for the user to explicitly cause any navigable (not just a top-level traversable) to navigate, reload, or stop loading.
For example, via a context menu.
Browser user agents may provide the ability for users to destroy a top-level traversable.
For example, by force-closing a window containing one or more such top-level traversables.
When a user requests a reload of a navigable whose active session history entry's document state's resource is a POST resource, the user agent should prompt the user to confirm the operation first, since otherwise transactions (e.g., purchases or database modifications) could be repeated.
When a user requests a reload of a navigable, user agents may provide a mechanism for ignoring any caches when reloading.
All calls to navigate initiated by the mechanisms mentioned above must have the userInvolvement argument set to "browser UI
".
All calls to reload initiated by the mechanisms mentioned above must have the userInvolvement argument set to "browser UI
".
All calls to traverse the history by a delta initiated by the mechanisms mentioned above must not pass a value for the sourceDocument argument.
The above recommendations, and the data structures in this specification, are not meant to place restrictions on how user agents represent the session history to the user.
For example, although a top-level traversable's session history entries are stored and maintained as a list, and the user agent is recommended to give an interface for traversing that list by a delta, a novel user agent could instead or in addition present a tree-like view, with each page having multiple "forward" pages that the user can choose between.
Similarly, although session history for all descendant navigables is stored in their traversable navigable, user agents could present the user with a more nuanced per-navigable view of the session history.
Browser user agents may use a top-level browsing context's is popup boolean for the following purposes:
Deciding whether or not to provide a minimal web browser user interface for the corresponding top-level traversable.
Performing the optional steps in set up browsing context features.
In both cases user agents might additionally incorporate user preferences, or present a choice as to whether to go down the popup route.
User agents that provides a minimal user interface for such popups are encouraged to not hide the browser's location bar.