W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Cookies: Integration with external specs.

From: Mike West <mkwst@google.com>
Date: Mon, 18 Jan 2016 10:09:06 +0100
Message-ID: <CAKXHy=fQrHdWB_JhZAFuHuqPnUcsJBwSza0h6XYJuxGqO59n+w@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
While we have the cookies spec open, I think we should take a closer look
at how that specification interacts with others. In particular, two things
come to mind:

* We should formalize the integration with Fetch (see step 11.1 of
https://fetch.spec.whatwg.org/#http-network-or-cache-fetch and 9.3 of
https://fetch.spec.whatwg.org/#http-network-fetch).

* https://w3c.github.io/webappsec-csp/cookies/ defines a scoping mechanism
for `document.cookies` and `Set-Cookie` via a monkey-patch to the RFC.
Putting some sort of generic policy hook into the document (either via
explicit dependencies, as in that document, or via some sort of registry of
delegates) seems valuable.

What do you folks think?

-mike
Received on Monday, 18 January 2016 09:09:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:10 UTC