W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2008

[whatwg] A document's cookie context

From: Adam Barth <whatwg@adambarth.com>
Date: Fri, 13 Jun 2008 23:31:11 -0700
Message-ID: <7789133a0806132331m27d2257bj6d8e5e8c5edbb691@mail.gmail.com>
The current draft of the spec doesn't specify how to compute the
cookie context for a document.  Here is how to compute it:

A document's cookie context can be represented as a URI and largely
(but not exactly) follows the document's origin.

1) If the document does not have a browsing context (e.g., it was
retrieved via XMLHttpRequest or created using createDocument) then
it's cookie context is "" or about:blank (or whatever you prefer for
"I don't have a cookie context").

2) If the document was served over the network and has an address that
uses a URI scheme with a server-based naming authority, then the
document's cookie context is that URI.

3) If the document has the URI about:blank or "", then, like the
origin, the document's cooke context is the cookie context of the
parent browsing context (if it has a parent) or the cookie context of
the opener browsing context (if it has an opener but no parent).
Failing that, the document's cookie context is about:blank or "" (or
whatever you prefer for "I don't have a cookie context").

This is available in code form at <http://trac.webkit.org/changeset/34505>.

Adam
Received on Friday, 13 June 2008 23:31:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:41 UTC