From a0be36b5cb892040a752acc06a0546c968d52645 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Tue, 16 Jan 2024 14:24:10 +0000 Subject: [PATCH] Resource hint: check directives explicitly Apparently the previous wording was a no-op. Instead of calling the pre-request check, checking the resource list for the directives that have that as a value. Closes #633 --- index.bs | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index b625b099f1..e2c59f425c 100644 --- a/index.bs +++ b/index.bs @@ -3765,10 +3765,30 @@ this algorithm returns normally if compilation is allowed, and throws a 3. For each |directive| of |policy|: - 1. Let |result| be the result of executing |directive|'s - pre-request check on |request| and |policy|. - - 2. If |result| is "`Allowed`", then return "`Does Not Violate`". + 1. If |directive|'s name is not one of the following: + * `child-src` + * `connect-src` + * `font-src` + * `frame-src` + * `img-src` + * `manifest-src` + * `media-src` + * `object-src` + * `script-src` + * `script-src-elem` + * `style-src` + * `style-src-elem` + * `worker-src` + + then continue. + + 1. Assert: |directive|'s value is a source list. + + 1. Let |result| be the result of executing [[#match-request-to-source-list]] on + |request|, |directive|'s value, and + |policy|. + + 1. If |result| is "`Allowed`", then return "`Does Not Violate`". 4. Return |defaultDirective|.
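Review bot: The directive-name allowlist in the new step 1 under "For each |directive| of |policy|" is written inline as thirteen literal names, so it can silently fall out of step with the rest of the spec when a directive with a source-list value is added or renamed, and the following "Assert: |directive|'s value is a source list" depends on that list staying accurate. Consider defining the set once and referencing it here, or adding a note that says why these names were chosen and why others such as `default-src` are left out (presumably because step 4 returns |defaultDirective|). It would also help to state in a note that returning "`Does Not Violate`" as soon as one listed directive's source list matches is intentional, since the effect is that the hint is checked against the most permissive of the listed directives rather than a single one.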