Re: [whatwg/fetch] Allow connection reuse for request without credentials when TLS client auth is not in use (#341) from jeisinger on 2017-09-07 (public-webapps-github@w3.org from September 2017)

From: jeisinger <notifications@github.com>
Date: Thu, 07 Sep 2017 06:59:08 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/341/327807877@github.com>

IIRC the reason why we introduced this behavior is because we consider part of the connection state (ChannelID) a cookie, and wanted to ensure that blocking cookies (in the broad sense as implemented in chrome) also blocks those.

Using two socket pools for credentialed and uncredentialed requests was a trade-off between teaching the network stack about per-site cookie settings and privacy requirements.

I assume that the measurements cited here are done in a browser without cookie blocking configured, so maybe we should revisit this decision. @sleevi maybe we should move that discussion to a crbug, as this is really more about chrome's implementation than the actual spec in the end?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/341#issuecomment-327807877

Received on Thursday, 7 September 2017 13:59:35 UTC