Ben, the actual change is only 1 line, in NS_NewChannel, we use the value of useCredentials to decide whether to pass the LOAD_ANONYMOUS flag or not. This implements Section 4.3, step 4 and 13, where LOAD_ANONYMOUS is the opposite of credentials flag being set.

Comment on attachment 8549915 [details] [diff] [review] Fetch API: Set anonymous flag on channel if no credentials are to be passed Review of attachment 8549915 [details] [diff] [review]: ----------------------------------------------------------------- One minor comment, but otherwise looks good. Thanks for writing tests for all these things! ::: dom/fetch/FetchDriver.cpp @@ +347,5 @@ > + mRequest->GetContext(), > + mLoadGroup, > + nullptr, /* aCallbacks */ > + nsIRequest::LOAD_NORMAL | > + (useCredentials ? 0 : nsIRequest::LOAD_ANONYMOUS), I think its a bit obfuscating to use a terniary bitwise-OR'd in the middle of the method call. Can you do something like this instead: nsSecurityFlags credentialsFlag = useCredentials ? 0 : nsIRequest::LOAD_ANONYMOUS; And then in the NS_NewChannel() call: nsIRequest::LOAD_NORMAL | credentialsFlag

Comment on attachment 8549915 [details] [diff] [review] Fetch API: Set anonymous flag on channel if no credentials are to be passed Review of attachment 8549915 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/fetch/FetchDriver.cpp @@ +347,5 @@ > + mRequest->GetContext(), > + mLoadGroup, > + nullptr, /* aCallbacks */ > + nsIRequest::LOAD_NORMAL | > + (useCredentials ? 0 : nsIRequest::LOAD_ANONYMOUS), ... or at least indent it properly: nsIRequest::LOAD_NORMAL | (useCredentials ? 0 : nsIRequest::LOAD_ANONYMOUS) But I prefer what bkelly proposes.