From 5c99ed62486976f9f1098dfada02d809b23693bf Mon Sep 17 00:00:00 2001
From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 18 Mar 2019 15:16:49 +0100
Subject: [PATCH] safelist request headers starting with Sec-

---
 fetch.bs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fetch.bs b/fetch.bs
index 70f08d11c..703b5cf7e 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -645,8 +645,12 @@ production as
 <ol>
  <li><p>Let <var>value</var> be <var>header</var>'s <a for=header>value</a>.
 
- <li>
-  <p><a>Byte-lowercase</a> <var>header</var>'s <a for=header>name</a> and switch on the result:
+ <li><p>Let <var>lowercase name</var> be the <a>byte-lowercase</a> <var>header</var>'s <a
+ for=header>name</a>.
+
+ <li><p>If <var>lowercase name</var> starts with `<code>sec-</code>`, return true.
+
+ <li><p>Switch on <var>lowercase name</var>:
 
   <dl class=switch>
    <dt>`<code>accept</code>`