@@ -1902,8 +1902,8 @@ for=/>request</a> <var>request</var>, run theses steps:
19021902 <li><p> If <var> request</var> 's <a for=request>client</a> is null, return true.</p>
19031903
19041904 <li><p> If <var> request</var> 's <a for=request>client</a>' s <a for="environment settings
1905- object">embedder policy</a> is not " <code> <a for="embedder policy
1906- value">credentialless</a> </code> ", return true.</p>
1905+ object">embedder policy</a> is not
1906+ " <code> <a for="embedder policy value">credentialless</a></code> ", return true.</p>
19071907
19081908 <li><p> If <var> request</var> 's <a for=request>origin</a> is <a>same origin</a> with
19091909 <var> request</var> 's <a for=request>current URL</a>' s <a for=url>origin</a> , return true.</p>
@@ -1997,8 +1997,8 @@ being provided to an API that didn't make a range request. See the flag's usage
19971997description of the attack.
19981998
19991999<p> A <a for=/>response</a> has an associated <dfn for=response
2000- id=concept-response-request-include-credentials> request-include-credentials</dfn> , which is
2001- initially set .
2000+ id=concept-response-request-include-credentials> request-include-credentials</dfn> (a boolean) , which
2001+ is initially true .
20022002
20032003<p> A <a for=/>response</a> has an associated
20042004<dfn for=response id=concept-response-timing-allow-passed>timing allow passed flag</dfn> , which is
@@ -4703,7 +4703,7 @@ steps. They return a <a for=/>response</a>.
47034703
47044704 <p> is true; otherwise false.
47054705
4706- <li><p> If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var> request</var> is
4706+ <li><p> If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var> request</var> returns
47074707 false, set <var> includeCredentials</var> to false.</p>
47084708
47094709 <li><p> Let <var> contentLength</var> be <var> httpRequest</var> 's <a for=request>body</a>' s
0 commit comments