A restriction for URL; URL can have a fragment or credentials parts?

[hayatoito]

It seems we had a restriction that a URL can't have a fragment nor credentials parts,
however, it seems these restriction were removed from the format at this commit. WICG/webpackage@826cadf

1. For each (url, responses) entry in the index map:
   1. Let parsedUrl be the result of parsing ({{URL}}) url with
      no base URL.
2. If parsedUrl is a failure, its fragment is not null, or it includes
   credentials, return an error.

It is a bit unclear whether this removal was intentionally done or not.

If this was intentionally done, that might be fine.
We don't have any restriction on the format itself. Instead, each use case can introduce such a restriction.

e.g.
Subresource loading will ignore a URL which has a fragment.

cc: @jyasskin

It would be better to clarify our intention in this issue.

[jyasskin]

I didn't intend that change to make the subresource loading use case more lenient, but I think the WG could decide either way on whether the format itself forbids URLs with fragments or credentials.

I suggest we say that index entries MUST NOT include fragments or credentials, but of course the use cases will have to explicitly specify what to do when bundles violate that requirement.

[hayatoito]

Thanks for clarification. I appreciate it!

suggest we say that index entries MUST NOT include fragments or credentials

That sounds reasonable to me, and matches the current chromium's bundle parser's implementation, and the behavior of CLI tools, I think, though I don't have a strong preference here.