W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Cookies: Integration with external specs.

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 19 Jan 2016 11:14:47 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <0D8EFEB2-C275-40FA-A894-6C89CD2670C3@mnot.net>
To: Mike West <mkwst@google.com>
Hey Mike,

On 18 Jan 2016, at 8:09 pm, Mike West <mkwst@google.com> wrote:
> While we have the cookies spec open, I think we should take a closer look at how that specification interacts with others. In particular, two things come to mind:
> * We should formalize the integration with Fetch (see step 11.1 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch and 9.3 of https://fetch.spec.whatwg.org/#http-network-fetch).

What changes in the RFC would be necessary to do this?

> * https://w3c.github.io/webappsec-csp/cookies/ defines a scoping mechanism for `document.cookies` and `Set-Cookie` via a monkey-patch to the RFC. Putting some sort of generic policy hook into the document (either via explicit dependencies, as in that document, or via some sort of registry of delegates) seems valuable.

That seems pretty reasonable to me. What do others think? In particular, would people like to see an I-D spelling the changes out, or is <https://w3c.github.io/webappsec-csp/cookies/#monkey-patching-rfc6264> sufficiently precise?


Mark Nottingham   https://www.mnot.net/
Received on Tuesday, 19 January 2016 00:15:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC