- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 19 Jan 2016 11:14:47 +1100
- To: Mike West <mkwst@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hey Mike, On 18 Jan 2016, at 8:09 pm, Mike West <mkwst@google.com> wrote: > > While we have the cookies spec open, I think we should take a closer look at how that specification interacts with others. In particular, two things come to mind: > > * We should formalize the integration with Fetch (see step 11.1 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch and 9.3 of https://fetch.spec.whatwg.org/#http-network-fetch). What changes in the RFC would be necessary to do this? > * https://w3c.github.io/webappsec-csp/cookies/ defines a scoping mechanism for `document.cookies` and `Set-Cookie` via a monkey-patch to the RFC. Putting some sort of generic policy hook into the document (either via explicit dependencies, as in that document, or via some sort of registry of delegates) seems valuable. That seems pretty reasonable to me. What do others think? In particular, would people like to see an I-D spelling the changes out, or is <https://w3c.github.io/webappsec-csp/cookies/#monkey-patching-rfc6264> sufficiently precise? Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Tuesday, 19 January 2016 00:15:16 UTC