- From: vanupam <notifications@github.com>
- Date: Wed, 22 Mar 2017 12:00:13 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/c288504867@github.com>
> I'm going to respond to some of your comments in a new comment since collapsed threads are not great: > How is an OAuth token stored by the user agent? It is browser specific - e.g., when a user "signs in" to Chrome, it persistently stores the Refresh Token. I'm not aware of a standard way to do that. > If token binding is on for a connection, every request will include a header automatically? If so, I guess you don't need a new pool then indeed. Ack. > Putting information on HTTP/2 coalescing in connections is fine, not sure how much detail we need. I added some text in that section. > Instead of "eTLD" you want to use "registrable domain", just like HTML does. eTLD is obsolete terminology as far as I'm aware. Done. > It would also help if you could select the checkbox in the sidebar that allows me to push to your branch. That way I can help clean things up. Done. > Next steps: > I'd like to see another review from @mikewest. Maybe @equalsJeffH can help review too since I saw his name on the RFCs. > It would be good to see the tests before doing the final detailed review and cleanup. So maybe that's a good place to focus on now. I'm still trying to get a Python implementation of Token Binding so I can update the server and write tests - so this is not quite imminent. Do we need to block on that? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#issuecomment-288504867
Received on Wednesday, 22 March 2017 19:00:45 UTC